{"meta": {"generated_at": "2026-04-14T21:06:47.065734+00:00", "generator": "ARGUN CTI v2.0", "website": "https://cti.argunsec.com", "total_cves": 2002}, "cves": [{"cve_id": "CVE-2020-9715", "description": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "adobe", "product": "acrobat_dc", "cpe": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat_dc", "cpe": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*"}, {"vendor": "adobe", "product": "acrobat_dc", "cpe": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat_dc", "cpe": "cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat_reader_dc", "cpe": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat_reader_dc", "cpe": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*"}, {"vendor": "adobe", "product": "acrobat_reader_dc", "cpe": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat_reader_dc", "cpe": "cpe:2.3:a:adobe:acrobat_reader_dc:20.001.30002:*:*:*:classic:*:*:*"}], "references": [{"url": "https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/", "source": "psirt@adobe.com", "tags": ["Exploit", "Patch", "Third Party Advisory"]}, {"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html", "source": "psirt@adobe.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-991/", "source": "psirt@adobe.com", "tags": 
["Third Party Advisory", "VDB Entry"]}, {"url": "https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"]}, {"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-991/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2020-08-19T14:15:13.407", "last_modified": "2026-04-14T14:45:00.160", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Adobe", "product": "Acrobat", "vulnerability_name": "Adobe Acrobat Use-After-Free Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.77661, "epss_percentile": 0.98992, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/lsw29475/CVE-2020-9715", "name": "lsw29475/CVE-2020-9715", "stars": 5, "description": null}, {"url": "https://github.com/wonjunchun/CVE-2020-9715", "name": "wonjunchun/CVE-2020-9715", "stars": 0, "description": "Adobe Acrobat Reader UAF vulnerability Exploit code"}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 56, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 23.4, "exploit_probability": 19.4, "weaponization": 13, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-54236", "description": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-20"], "affected_products": [{"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*"}, 
{"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": 
"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", 
"cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce", "cpe": "cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": 
"commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": 
"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "commerce_b2b", "cpe": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": 
"cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": 
"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": 
"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*"}, {"vendor": "adobe", "product": "magento", "cpe": "cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*"}], "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html", "source": "psirt@adobe.com", "tags": ["Vendor Advisory"]}, {"url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"]}, {"url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Broken Link", "Exploit", "Third Party Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2025-09-09T14:15:46.563", "last_modified": "2026-04-14T19:00:07.940", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Adobe", "product": "Commerce and Magento", "vulnerability_name": "Adobe Commerce and Magento Improper Input Validation Vulnerability", "date_added": "2025-10-24", "due_date": "2025-11-14", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, 
follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.70101, "epss_percentile": 0.98675, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 53, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 27.3, "exploit_probability": 17.5, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2009-0238", "description": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-94"], "affected_products": [{"vendor": "microsoft", "product": "excel", "cpe": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*"}, {"vendor": "microsoft", "product": "excel_viewer", "cpe": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_compatibility_pack", "cpe": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel", "cpe": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel", "cpe": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel", "cpe": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel", "cpe": 
"cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel_viewer", "cpe": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel_viewer", "cpe": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office_excel_viewer", "cpe": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*"}], "references": [{"url": "http://blogs.zdnet.com/security/?p=2658", "source": "secure@microsoft.com", "tags": []}, {"url": "http://isc.sans.org/diary.html?storyid=5923", "source": "secure@microsoft.com", "tags": []}, {"url": "http://securitytracker.com/id?1021744", "source": "secure@microsoft.com", "tags": []}, {"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/33870", "source": "secure@microsoft.com", "tags": []}, {"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99", "source": "secure@microsoft.com", "tags": []}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html", "source": "secure@microsoft.com", "tags": ["US Government Resource"]}, {"url": "http://www.vupen.com/english/advisories/2009/1023", "source": "secure@microsoft.com", "tags": []}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009", "source": "secure@microsoft.com", "tags": []}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875", "source": "secure@microsoft.com", "tags": []}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968", "source": "secure@microsoft.com", "tags": []}, {"url": "http://blogs.zdnet.com/security/?p=2658", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://isc.sans.org/diary.html?storyid=5923", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://securitytracker.com/id?1021744", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/33870", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"]}, {"url": "http://www.vupen.com/english/advisories/2009/1023", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2009-02-25T16:30:00.343", "last_modified": "2026-04-14T18:16:39.080", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "Office", "vulnerability_name": "Microsoft Office Remote Code Execution", "date_added": "2026-04-14", "due_date": "2026-04-28", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if 
mitigations are unavailable."}, "epss_score": 0.57177, "epss_percentile": 0.98148, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 49, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 26.4, "exploit_probability": 14.3, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-21529", "description": "Microsoft Exchange Server Remote Code Execution Vulnerability", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [{"vendor": "microsoft", "product": "exchange_server", "cpe": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "exchange_server", "cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "exchange_server", "cpe": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "exchange_server", "cpe": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", "source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}, {"url": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/", "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Technical Description"]}], "published": "2023-02-14T20:15:11.743", "last_modified": "2026-04-14T14:44:35.520", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "Exchange Server", "vulnerability_name": "Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.58919, "epss_percentile": 0.98224, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 49, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 26.4, "exploit_probability": 14.7, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-3602", "description": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. 
Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "clustered_data_ontap", "cpe": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*"}], "references": [{"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16", 
"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14", "source": "openssl-security@openssl.org", "tags": ["Mailing List", 
"Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"http://www.openwall.com/lists/oss-security/2022/11/03/5", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", "source": "openssl-security@openssl.org", "tags": ["Broken Link", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202211-01", "source": "openssl-security@openssl.org", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20221102-0001/", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.kb.cert.org/vuls/id/794340", 
"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "US Government Resource"]}, {"url": "https://www.openssl.org/news/secadv/20221101.txt", "source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"]}, {"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"http://www.openwall.com/lists/oss-security/2022/11/02/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third 
Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, 
{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202211-01", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20221102-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.kb.cert.org/vuls/id/794340", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"]}, {"url": "https://www.openssl.org/news/secadv/20221101.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-408105.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2022-11-01T18:15:10.983", "last_modified": "2026-04-14T10:16:25.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.83219, "epss_percentile": 0.99267, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/NCSC-NL/OpenSSL-2022", "name": "NCSC-NL/OpenSSL-2022", "stars": 527, "description": "Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 
3"}, {"url": "https://github.com/colmmacc/CVE-2022-3602", "name": "colmmacc/CVE-2022-3602", "stars": 170, "description": null}, {"url": "https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc", "name": "rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc", "stars": 17, "description": null}, {"url": "https://github.com/eatscrayon/CVE-2022-3602-poc", "name": "eatscrayon/CVE-2022-3602-poc", "stars": 12, "description": null}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 48, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 22.5, "exploit_probability": 20.8, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21643", "description": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "fortinet", "product": "forticlientems", "cpe": "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1142", "source": "psirt@fortinet.com", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21643", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2026-02-06T09:15:49.330", "last_modified": "2026-04-14T14:21:18.670", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Fortinet", "product": "FortiClient 
EMS", "vulnerability_name": "Fortinet SQL Injection Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-16", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.38246, "epss_percentile": 0.97229, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 47, "ats_level": "MEDIUM", "ats_breakdown": {"severity": 29.4, "exploit_probability": 9.6, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-36424", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "microsoft", "product": "windows_10_1507", "cpe": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_10_1507", "cpe": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*"}, {"vendor": "microsoft", "product": "windows_10_1607", "cpe": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_10_1607", "cpe": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*"}, {"vendor": "microsoft", "product": "windows_10_1809", "cpe": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"}, {"vendor": "microsoft", "product": "windows_10_1809", "cpe": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_10_1809", "cpe": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*"}, {"vendor": "microsoft", "product": "windows_10_21h2", "cpe": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*"}, {"vendor": 
"microsoft", "product": "windows_10_22h2", "cpe": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_11_21h2", "cpe": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_11_22h2", "cpe": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_11_23h2", "cpe": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2008", "cpe": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_server_2008", "cpe": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*"}, {"vendor": "microsoft", "product": "windows_server_2008", "cpe": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_server_2012", "cpe": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2012", "cpe": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2016", "cpe": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2019", "cpe": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2022", "cpe": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2022_23h2", "cpe": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424", "source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": 
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2023-11-14T18:15:45.990", "last_modified": "2026-04-14T14:44:43.473", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "Windows", "vulnerability_name": "Microsoft Windows Out-of-Bounds Read Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.12179, "epss_percentile": 0.93839, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/zerozenxlabs/CVE-2023-36424", "name": "zerozenxlabs/CVE-2023-36424", "stars": 131, "description": "Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation"}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 39, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 3.0, "weaponization": 13, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-2857", "description": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.*. 
This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-668"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956398", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://issues.chromium.org/issues/405143032", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783", "source": "security@mozilla.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-19/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-27T14:15:55.720", "last_modified": "2026-04-13T15:16:56.047", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00123, "epss_percentile": 0.31521, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/Leviticus-Triage/ChromSploit-Framework", "name": "Leviticus-Triage/ChromSploit-Framework", "stars": 14, "description": "Advanced AI-Powered Exploitation Framework  |  CVE-2025-4664 & CVE-2025-2783 & CVE-2025-2857 & CVE-2025-30397  |  "}], "nuclei_template": null, "mitre_techniques": [], "ats_score": 35, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-60710", "description": "Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an 
authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-59"], "affected_products": [{"vendor": "microsoft", "product": "windows_11_24h2", "cpe": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_11_25h2", "cpe": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2025", "cpe": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2025-11-11T18:15:39.073", "last_modified": "2026-04-14T14:44:19.867", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "Windows", "vulnerability_name": "Microsoft Windows Link Following Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.15507, "epss_percentile": 0.94671, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 35, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 3.9, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34621", "description": "Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1321"], "affected_products": [{"vendor": "adobe", "product": "acrobat_dc", "cpe": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*"}, {"vendor": "adobe", "product": "acrobat_reader_dc", "cpe": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*"}, {"vendor": "adobe", "product": "acrobat", "cpe": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*"}, {"vendor": "adobe", "product": "acrobat", "cpe": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*"}], "references": [{"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-43.html", "source": "psirt@adobe.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2026-04-11T07:16:03.633", "last_modified": "2026-04-13T21:23:27.000", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Adobe", "product": "Acrobat and Reader", "vulnerability_name": "Adobe Acrobat and Reader Prototype Pollution Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor 
instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.06081, "epss_percentile": 0.90769, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 35, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 1.5, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2012-1854", "description": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-426"], "affected_products": [{"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2010:*:x86:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*"}, {"vendor": "microsoft", "product": "office", "cpe": "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*"}, {"vendor": "microsoft", "product": "visual_basic_for_applications", "cpe": 
"cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "visual_basic_for_applications_sdk", "cpe": "cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", "source": "secure@microsoft.com", "tags": ["US Government Resource"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046", "source": "secure@microsoft.com", "tags": []}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950", "source": "secure@microsoft.com", "tags": []}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1854", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2012-07-10T21:55:05.587", "last_modified": "2026-04-13T19:00:02.583", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "Visual Basic for Applications (VBA)", "vulnerability_name": "Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability", "date_added": "2026-04-13", "due_date": "2026-04-27", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or 
discontinue use of the product if mitigations are unavailable."}, "epss_score": 0.1007, "epss_percentile": 0.93089, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 34, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 2.5, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-3786", "description": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. 
In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-120", "CWE-120"], "affected_products": [{"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*"}], "references": [{"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a", "source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://www.openssl.org/news/secadv/20221101.txt", "source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.kb.cert.org/vuls/id/794340", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.openssl.org/news/secadv/20221101.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-408105.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], 
"published": "2022-11-01T18:15:11.047", "last_modified": "2026-04-14T10:16:26.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.21428, "epss_percentile": 0.95708, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/NCSC-NL/OpenSSL-2022", "name": "NCSC-NL/OpenSSL-2022", "stars": 527, "description": "Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3"}, {"url": "https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc", "name": "rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc", "stars": 17, "description": null}, {"url": "https://github.com/WhatTheFuzz/openssl-fuzz", "name": "WhatTheFuzz/openssl-fuzz", "stars": 5, "description": "Finding CVE-2022-3786 (openssl) with Mayhem"}, {"url": "https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786", "name": "cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786", "stars": 4, "description": null}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 33, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 5.4, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0247", "description": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 134 and Thunderbird 134.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-07T16:15:39.357", "last_modified": "2026-04-13T15:16:35.177", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.15058, "epss_percentile": 0.94577, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 33, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 3.8, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1014", "description": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. 
This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-295", "CWE-295"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940804", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:32.237", "last_modified": "2026-04-13T15:16:50.083", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00212, "epss_percentile": 0.43775, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/ghostpel-sec/CVE-2025-10147", "name": "ghostpel-sec/CVE-2025-10147", "stars": 0, "description": "Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload"}], "nuclei_template": 
null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 32, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6432", "description": "When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1943804", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}], "published": "2025-06-24T13:15:24.220", "last_modified": "2026-04-13T15:17:07.637", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00113, "epss_percentile": 0.29868, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/mcorybillington/CVE-2025-64328_FreePBX-framework-Command-Injection", "name": "mcorybillington/CVE-2025-64328_FreePBX-framework-Command-Injection", "stars": 1, "description": "CVE-2025-64328 FreePBX Authenticated Command Injection in the framework module."}], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 31, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 
5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1009", "description": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": 
"https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:31.653", "last_modified": "2026-04-13T15:16:47.983", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00799, "epss_percentile": 0.74039, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1016", "description": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:32.467", "last_modified": "2026-04-13T15:16:50.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00313, "epss_percentile": 
0.5446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1017", "description": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": 
"security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:32.600", "last_modified": "2026-04-13T15:16:50.647", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00308, "epss_percentile": 0.54014, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1020", "description": "Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 135 and Thunderbird 135.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-02-04T14:15:32.953", "last_modified": "2026-04-13T15:16:51.213", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00588, "epss_percentile": 0.69121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1942", "description": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. 
This vulnerability was fixed in Firefox 136 and Thunderbird 136.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-908"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.167", "last_modified": "2026-04-13T15:16:53.940", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00467, "epss_percentile": 0.64428, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4918", "description": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. 
This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-125", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": 
"https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2025-05-17T22:15:19.563", "last_modified": "2026-04-13T15:17:01.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00612, "epss_percentile": 0.6982, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-49709", "description": "Certain canvas operations could have led to memory corruption. 
This vulnerability was fixed in Firefox 139.0.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966083", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-11T12:15:26.977", "last_modified": "2026-04-13T15:16:58.937", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00409, "epss_percentile": 0.61279, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-49710", "description": "An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. 
This vulnerability was fixed in Firefox 139.0.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-11T12:15:27.083", "last_modified": "2026-04-13T15:16:59.113", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00409, "epss_percentile": 0.61279, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6424", "description": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. 
This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-52/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-06-24T13:15:23.273", "last_modified": "2026-04-13T15:17:06.127", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00305, "epss_percentile": 0.53791, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": 
"Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-197"], "affected_products": [{"vendor": "sqlite", "product": "sqlite", "cpe": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", "source": "cve-coordination@google.com", "tags": ["Patch"]}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/49", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/56", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/57", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/58", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2025/09/06/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-07-15T14:15:31.080", 
"last_modified": "2026-04-14T10:16:29.853", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01182, "epss_percentile": 0.78772, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0881", "description": "Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-284", "CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005845", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.657", "last_modified": "2026-04-13T15:17:16.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08096, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26221", "description": "Hyland OnBase contains an unauthenticated .NET Remoting 
exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://community.hyland.com/resources/bulletins-and-notices/223223-security-update-onbase-workflow-timer-service-bulletin-ob2025-03", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.hyland.com/en/solutions/products/onbase", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/hyland-onbase-timer-services-unauthenticated-net-remoting-rce", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-02-13T16:16:11.683", "last_modified": "2026-04-14T00:16:05.073", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00586, "epss_percentile": 0.69082, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2760", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender 
component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1384"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011062", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.257", "last_modified": "2026-04-13T15:17:20.940", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23082, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", 
"ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2761", "description": "Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011063", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.370", "last_modified": "2026-04-13T15:17:21.127", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00139, "epss_percentile": 0.33978, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2768", "description": "Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-284", "CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014101", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.183", "last_modified": "2026-04-13T15:17:23.047", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, 
"epss_percentile": 0.2675, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2776", "description": "Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015266", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.023", "last_modified": "2026-04-13T15:17:24.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23082, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2778", "description": "Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": 
"security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.230", "last_modified": "2026-04-13T15:17:25.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23082, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2293", "description": "A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled.\n\n\n\nThis issue affects nest.Js: 11.1.13.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-863"], "affected_products": [{"vendor": "nestjs", "product": "nest", "cpe": "cpe:2.3:a:nestjs:nest:11.1.13:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://fluidattacks.com/advisories/neton", "source": "help@fluidattacks.com", "tags": ["Third Party Advisory", "Exploit"]}, {"url": "https://github.com/nestjs/nest/", "source": "help@fluidattacks.com", "tags": ["Product"]}, {"url": "https://github.com/nestjs/nest/releases/tag/v11.1.14", "source": "help@fluidattacks.com", "tags": ["Release Notes"]}], "published": "2026-02-27T17:16:33.357", "last_modified": 
"2026-04-14T00:30:36.907", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00408, "epss_percentile": 0.61164, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25471", "description": "FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-22"], "affected_products": [{"vendor": "leefish", "product": "file_thingie", "cpe": "cpe:2.3:a:leefish:file_thingie:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/leefish/filethingie/archive/master.zip", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/47349", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/filethingie-arbitrary-file-upload-via-ft2-php", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-03-11T19:16:00.803", "last_modified": "2026-04-13T14:25:16.107", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00621, "epss_percentile": 0.70075, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": 
[{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2017-20224", "description": "Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-434"], "affected_products": [{"vendor": "telesquare", "product": "sdt-cs3b1_firmware", "cpe": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2017120301", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-webdav-arbitrary-file-upload", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5446.php", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-03-16T14:17:52.560", "last_modified": "2026-04-14T16:52:32.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00344, "epss_percentile": 0.57043, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 
0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32169", "description": "Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "microsoft", "product": "azure_cloud_shell", "cpe": "cpe:2.3:a:microsoft:azure_cloud_shell:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32169", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-19T21:17:10.233", "last_modified": "2026-04-14T17:14:41.383", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.24484, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22898", "description": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. 
Remote attackers can exploit the vulnerability to gain access to the system.\n\nWe have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-306"], "affected_products": [{"vendor": "qnap", "product": "qvr_pro", "cpe": "cpe:2.3:a:qnap:qvr_pro:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-07", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:44.307", "last_modified": "2026-04-14T14:33:30.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0035, "epss_percentile": 0.575, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4688", "description": "Sandbox escape due to use-after-free in the Disability Access APIs component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.640", "last_modified": "2026-04-13T15:17:37.207", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05335, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4689", "description": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-190", "CWE-754", "CWE-120", "CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:04.737", "last_modified": "2026-04-13T15:17:37.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07532, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": 
"Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4692", "description": "Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:05.040", "last_modified": "2026-04-13T15:17:38.053", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06967, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4725", "description": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017108", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:08.377", "last_modified": "2026-04-13T15:17:44.903", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01759, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32186", "description": "Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a 
network.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "microsoft", "product": "bing", "cpe": "cpe:2.3:a:microsoft:bing:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32186", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-03T18:16:24.993", "last_modified": "2026-04-13T18:32:38.160", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00093, "epss_percentile": 0.26056, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34612", "description": "Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint \"GET /api/v1/main/flows/search\". Once a user is authenticated, simply visiting a crafted link is enough to trigger the vulnerability. The injected payload is executed by PostgreSQL using COPY ... TO PROGRAM ..., which in turn runs arbitrary OS commands on the host. 
This issue has been patched in version 1.3.7.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "kestra", "product": "kestra", "cpe": "cpe:2.3:a:kestra:kestra:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/kestra-io/kestra/commit/3926762795df8ad3e03924b370c51832ed3a21d3", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/kestra-io/kestra/releases/tag/v1.3.7", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-365w-2m69-mp9x", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-365w-2m69-mp9x", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-03T23:17:04.587", "last_modified": "2026-04-13T17:36:59.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00165, "epss_percentile": 0.37591, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34938", "description": "PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, achieving arbitrary OS command execution on the host. 
This issue has been patched in version 1.5.90.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-693"], "affected_products": [{"vendor": "praison", "product": "praisonaiagents", "cpe": "cpe:2.3:a:praison:praisonaiagents:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6vh2-h83c-9294", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:06.170", "last_modified": "2026-04-14T18:07:19.827", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00131, "epss_percentile": 0.32623, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20052", "description": "Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. 
Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-434"], "affected_products": [{"vendor": "snewscms", "product": "snews", "cpe": "cpe:2.3:a:snewscms:snews:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/40706", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-04T14:16:17.520", "last_modified": "2026-04-14T19:05:45.853", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00264, "epss_percentile": 0.49927, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35171", "description": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input. 
This vulnerability is fixed in 1.3.0.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-94", "CWE-502"], "affected_products": [{"vendor": "linuxfoundation", "product": "kedro", "cpe": "cpe:2.3:a:linuxfoundation:kedro:*:*:*:*:*:python:*:*"}], "references": [{"url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-9cqf-439c-j96r", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T18:16:43.373", "last_modified": "2026-04-14T15:36:21.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00396, "epss_percentile": 0.60462, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35022", "description": "Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. 
Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-06T20:16:25.260", "last_modified": "2026-04-13T20:16:34.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00318, "epss_percentile": 0.5481, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5850", "description": "A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. 
The exploit is publicly available and might be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_156/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791266", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356376", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356376/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T06:16:23.600", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5851", "description": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_157/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791271", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356377", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356377/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T06:16:23.807", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5852", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_158/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791272", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356378", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356378/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T07:16:04.130", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5853", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_159/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791274", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356379", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356379/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T07:16:05.273", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5854", "description": "A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. 
The exploit is now public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_160/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791276", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356380", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356380/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T07:16:05.477", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0023, "epss_percentile": 0.45832, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62718", "description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. 
This vulnerability is fixed in 1.15.0 and 0.31.0.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "cvss_severity": "CRITICAL", "cwes": ["CWE-441", "CWE-918"], "affected_products": [{"vendor": "axios", "product": "axios", "cpe": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", "source": "security-advisories@github.com", "tags": ["Technical Description"]}, {"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", "source": "security-advisories@github.com", "tags": ["Technical Description"]}, {"url": "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/axios/axios/pull/10661", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/axios/axios/pull/10688", "source": "security-advisories@github.com", "tags": ["Issue Tracking"]}, {"url": "https://github.com/axios/axios/releases/tag/v0.31.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/axios/axios/releases/tag/v1.15.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T15:16:08.650", "last_modified": "2026-04-14T20:14:05.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.0326, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40089", "description": "Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided install.sh script (including the one‑liner bash <(curl -fsSL https://sonicverse.short.gy/install-audiostack)) are affected. In these deployments, the dashboard accepts user-controlled URLs and passes them directly to a server-side HTTP client without sufficient validation. An authenticated operator can abuse this to make arbitrary HTTP requests from the dashboard backend to internal or external systems. 
This vulnerability is fixed with commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/sonicverse-eu/audiostreaming-stack/security/advisories/GHSA-8vvj-7f7r-7v48", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:27.743", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11254, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5975", "description": "A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. 
The exploit is publicly available and might be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_161/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791821", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356529", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356529/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T20:16:29.547", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5976", "description": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_162/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791822", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356530", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356530/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T20:16:29.763", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5977", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_163/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791823", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356531", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356531/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T21:16:13.487", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5978", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_164/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791825", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356532", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356532/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T21:16:13.727", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5993", "description": "A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. 
The exploit is publicly available and might be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_165/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792041", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356547", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356547/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T01:16:41.743", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5994", "description": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_166/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792042", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356548", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356548/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T01:16:42.280", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5995", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_167/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792043", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356549", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356549/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T01:16:42.490", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5996", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_168/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792044", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356550", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356550/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T02:16:04.043", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5997", "description": "A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. 
The exploit is now public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_169/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792045", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356551", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356551/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T02:16:04.247", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6025", "description": "A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. 
The exploit is publicly available and might be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_170/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792046", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356601", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356601/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T06:16:07.203", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6026", "description": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can be initiated remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_171/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792047", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356602", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356602/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T07:16:21.350", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6027", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_172/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792048", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356603", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356603/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T07:16:21.583", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6028", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_173/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792049", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356604", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356604/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T07:16:21.790", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6029", "description": "A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. 
The exploit is now public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_174/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792050", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356605", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356605/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T07:16:22.000", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5412", "description": "In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. 
This issue is resolved in Juju versions 2.9.57 and 3.6.21.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-285"], "affected_products": [], "references": [{"url": "https://github.com/juju/juju/pull/22205", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/juju/juju/pull/22206", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969", "source": "security@ubuntu.com", "tags": []}], "published": "2026-04-10T13:16:45.780", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.10882, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40175", "description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific \"Gadget\" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). 
This vulnerability is fixed in 1.15.0 and 0.3.1 (the references list release tags v1.15.0 and v0.31.0).", "cvss_score": 10.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-113", "CWE-444", "CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/pull/10660", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/pull/10688", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/releases/tag/v0.31.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/releases/tag/v1.15.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/axios/axios/pull/10660#issuecomment-4224168081", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T20:16:22.800", "last_modified": "2026-04-14T16:16:47.637", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00239, "epss_percentile": 0.46966, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4149", "description": "Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-28345.", "cvss_score": 10.0, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-192/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:16.430", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01272, "epss_percentile": 0.79522, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 30.0, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5058", "description": "aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. 
Was ZDI-CAN-27968.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-246/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.157", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01013, "epss_percentile": 0.77138, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5059", "description": "aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. 
Was ZDI-CAN-27969.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-245/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.293", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01013, "epss_percentile": 0.77138, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6112", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_177/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792245", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356972", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356972/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T04:16:47.133", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6113", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_178/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792246", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356973", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356973/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T04:16:49.037", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6114", "description": "A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. 
The exploit is now public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_179/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792247", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356974", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356974/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T04:16:49.267", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6115", "description": "A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. 
The exploit has been published and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_180/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792248", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356975", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356975/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T05:16:00.807", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6116", "description": "A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_181/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792249", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356976", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356976/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T05:16:01.060", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6131", "description": "A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. 
The exploit has been made public and could be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_182/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792251", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356995", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356995/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T23:16:25.700", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6132", "description": "A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_183/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792252", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356996", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356996/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T23:16:25.917", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6138", "description": "A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. 
The exploit has been published and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_191/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792980", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357002", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357002/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T00:16:21.493", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6139", "description": "A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_192/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792982", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357003", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357003/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T01:16:35.500", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6140", "description": "A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. 
The exploit has been made public and could be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_193/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792987", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357004", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357004/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T01:16:35.697", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6154", "description": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_194/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792990", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357034", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357034/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T04:16:14.993", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6155", "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_196/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793679", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357035", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357035/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T04:16:15.237", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6156", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_197/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793681", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357036", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357036/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T04:16:15.450", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6195", "description": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_198/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797460", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357117", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357117/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T18:16:32.353", "last_modified": "2026-04-13T18:16:32.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00892, "epss_percentile": 0.75567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27681", "description": "Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. 
This leads to a high impact on the confidentiality, integrity, and availability of the system.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3719353", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:06.560", "last_modified": "2026-04-14T00:16:06.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14458, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6264", "description": "A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. 
For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [], "references": [{"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fix-for-the-Qlik-Talend-JobServer-and-Talend/tac-p/2541974", "source": "4ac701fe-44e9-4bcd-9585-dd6449257611", "tags": []}], "published": "2026-04-14T03:16:09.050", "last_modified": "2026-04-14T03:16:09.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00237, "epss_percentile": 0.46766, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38526", "description": "An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.", "cvss_score": 9.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38526", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2026-38526/poc.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T16:16:43.127", "last_modified": "2026-04-14T18:17:37.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, 
"epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 30, "ats_level": "LOW", "ats_breakdown": {"severity": 29.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-0778", "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. 
In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-835"], "affected_products": [{"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "cloud_volumes_ontap_mediator", "cpe": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "clustered_data_ontap", "cpe": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "clustered_data_ontap_antivirus_connector", "cpe": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "santricity_smi-s_provider", "cpe": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "storagegrid", "cpe": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "a250_firmware", "cpe": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "500f_firmware", "cpe": 
"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"}, {"vendor": "tenable", "product": "nessus", "cpe": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*"}, {"vendor": "tenable", "product": "nessus", "cpe": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "mariadb", "product": "mariadb", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"}, {"vendor": "nodejs", "product": "node.js", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"}], "references": [{"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/33", "source": 
"openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/35", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/38", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", "source": "openssl-security@openssl.org", "tags": []}, {"url": 
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220321-0002/", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220429-0005/", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://support.apple.com/kb/HT213255", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://support.apple.com/kb/HT213256", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://support.apple.com/kb/HT213257", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.debian.org/security/2022/dsa-5103", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.openssl.org/news/secadv/20220315.txt", "source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-06", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-07", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-08", "source": "openssl-security@openssl.org", "tags": ["Third 
Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-09", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/33", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/35", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2022/May/38", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220321-0002/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220429-0005/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://support.apple.com/kb/HT213255", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://support.apple.com/kb/HT213256", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://support.apple.com/kb/HT213257", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.debian.org/security/2022/dsa-5103", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.openssl.org/news/secadv/20220315.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": ["Vendor Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-06", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-07", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-08", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-09", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2022-03-15T17:15:08.513", "last_modified": "2026-04-14T10:16:21.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.07128, "epss_percentile": 0.91552, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/drago-96/CVE-2022-0778", "name": "drago-96/CVE-2022-0778", "stars": 184, "description": "Proof of 
concept for CVE-2022-0778, which triggers an infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt"}, {"url": "https://github.com/jkakavas/CVE-2022-0778-POC", "name": "jkakavas/CVE-2022-0778-POC", "stars": 11, "description": null}, {"url": "https://github.com/yywing/cve-2022-0778", "name": "yywing/cve-2022-0778", "stars": 10, "description": null}, {"url": "https://github.com/0xUhaw/CVE-2022-0778", "name": "0xUhaw/CVE-2022-0778", "stars": 2, "description": "Proof of concept for CVE-2022-0778 in P12 and PEM format"}, {"url": "https://github.com/jeongjunsoo/CVE-2022-0778", "name": "jeongjunsoo/CVE-2022-0778", "stars": 0, "description": null}], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 1.8, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3034", "description": "Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-01T13:15:41.790", "last_modified": "2026-04-13T15:16:57.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00322, "epss_percentile": 0.55259, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/natasaka/CVE-2025-30349", "name": "natasaka/CVE-2025-30349", "stars": 1, "description": "Horde IMP (through 6.2.27) vulnerability – obfuscation via HTML encoding – XSS payload"}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5268", "description": "Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.610", "last_modified": "2026-04-13T15:17:04.673", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00436, "epss_percentile": 0.63, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/joelczk/CVE-2025-52688", "name": 
"joelczk/CVE-2025-52688", "stars": 2, "description": null}, {"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC", "name": "UltimateHG/CVE-2025-52689-PoC", "stars": 0, "description": null}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5269", "description": "Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.717", "last_modified": "2026-04-13T15:17:04.917", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00428, "epss_percentile": 0.62452, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/rxerium/CVE-2025-52691", "name": "rxerium/CVE-2025-52691", "stars": 19, "description": "Detection for CVE-2025-52691"}, {"url": "https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691", "name": "watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691", "stars": 18, "description": null}, {"url": "https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC", "name": "DeathShotXD/CVE-2025-52691-APT-PoC", "stars": 3, "description": "An enhanced proof-of-concept exploit for CVE-2025-52691 (SmarterMail Arbitrary File Upload RCE) with APT-level features like stealth obfuscation, persistence, exfiltration, and interactive mode. For educational and authorized testing only. Credits to the original PoC by yt2w/CVE-2025-52691."}, {"url": "https://github.com/yt2w/CVE-2025-52691", "name": "yt2w/CVE-2025-52691", "stars": 3, "description": null}, {"url": "https://github.com/Winz18/CVE-2025-52694-POC", "name": "Winz18/CVE-2025-52694-POC", "stars": 3, "description": "CVE-2025-52694 Critical SQL Injection in Advantech IoTSuite/SaaS-Composer"}], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6433", "description": "If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". 
This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-295"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954033", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}], "published": "2025-06-24T13:15:24.327", "last_modified": "2026-04-13T15:17:07.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19515, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8028", "description": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. 
This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1332"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:49.953", "last_modified": "2026-04-13T15:17:08.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00178, "epss_percentile": 0.39425, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8031", "description": "The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-276"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719", "source": "security@mozilla.org", "tags": ["Permissions 
Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:50.257", "last_modified": "2026-04-13T15:17:09.433", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00132, "epss_percentile": 0.32749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8038", "description": "Thunderbird ignored paths when checking the validity of navigations in a frame. 
This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-345"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:50.960", "last_modified": "2026-04-13T15:17:11.023", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16692, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8043", "description": "Focus incorrectly truncated URLs towards the beginning instead of around the origin. 
This vulnerability was fixed in Firefox 141.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970209", "source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:51.263", "last_modified": "2026-04-13T15:17:12.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00149, "epss_percentile": 0.3542, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8044", "description": "Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 141 and Thunderbird 141.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:51.363", "last_modified": "2026-04-13T15:17:12.973", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26815, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-54143", "description": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. 
This vulnerability was fixed in Firefox for iOS 141.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:27.557", "last_modified": "2026-04-13T15:17:01.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21261, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55031", "description": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. 
This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}, {"vendor": "mozilla", "product": "firefox_focus", "cpe": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:28.340", "last_modified": "2026-04-13T15:17:02.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00088, "epss_percentile": 0.25034, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8042", "description": "Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. 
This vulnerability was fixed in Firefox 141.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-732"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791322", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:29.383", "last_modified": "2026-04-13T15:17:12.573", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20742, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9179", "description": "An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. 
This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-08-19T21:15:30.247", "last_modified": "2026-04-13T15:17:13.367", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00117, "epss_percentile": 0.30583, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9187", "description": "Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 142 and Thunderbird 142.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:31.303", "last_modified": "2026-04-13T15:17:15.060", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11708", "description": "Use-after-free in MediaTrackGraphImpl::GetInstance(). 
This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:36.970", "last_modified": "2026-04-13T15:16:39.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00082, "epss_percentile": 0.24108, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": 
"Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11709", "description": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.093", "last_modified": "2026-04-13T15:16:39.383", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26686, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11710", "description": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.203", "last_modified": "2026-04-13T15:16:39.603", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26686, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11719", "description": "Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. 
This vulnerability was fixed in Firefox 144 and Thunderbird 144.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991950", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:38.287", "last_modified": "2026-04-13T15:16:41.257", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18945, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11721", "description": "Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 144 and Thunderbird 144.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119", "CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986816", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:38.520", "last_modified": "2026-04-13T15:16:41.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18945, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-12380", "description": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. 
This vulnerability was fixed in Firefox 144.0.2.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113", "source": "security@mozilla.org", "tags": ["Permissions Required", "Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-86/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-28T14:15:57.860", "last_modified": "2026-04-13T15:16:41.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17503, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13021", "description": "Incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-703"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986431", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.193", "last_modified": "2026-04-13T15:16:43.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.1598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13022", "description": "Incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-703"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988488", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.287", "last_modified": "2026-04-13T15:16:43.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.1598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13023", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-703"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992032", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.403", "last_modified": "2026-04-13T15:16:43.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.1598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13024", "description": "JIT miscompilation in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-733"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992902", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.510", "last_modified": "2026-04-13T15:16:44.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.1598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13026", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-703"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994441", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.713", "last_modified": "2026-04-13T15:16:44.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.1598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14321", "description": "Use-after-free in the WebRTC: Signaling component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992760", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:39.410", "last_modified": "2026-04-13T15:16:44.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00086, "epss_percentile": 0.24811, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14324", "description": 
"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-94"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996840", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:39.890", "last_modified": "2026-04-13T15:16:45.403", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00096, "epss_percentile": 0.26599, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14326", "description": "Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840666", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.120", "last_modified": "2026-04-13T15:16:45.783", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00077, "epss_percentile": 0.22902, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14330", "description": "JIT miscompilation in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119", "CWE-686", "CWE-843"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997503", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.670", "last_modified": "2026-04-13T15:16:46.490", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0009, "epss_percentile": 0.25394, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14860", 
"description": "Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000597", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-98/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-18T15:15:53.057", "last_modified": "2026-04-13T15:16:47.413", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20764, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0879", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics component. 
This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.463", "last_modified": "2026-04-13T15:17:16.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07219, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": 
"Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0884", "description": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.950", "last_modified": "2026-04-13T15:17:17.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07089, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client 
Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0892", "description": "Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.723", "last_modified": "2026-04-13T15:17:18.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06045, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67484", "description": "Vulnerability in Wikimedia Foundation 
MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.\n\nThis issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-20"], "affected_products": [{"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://phabricator.wikimedia.org/T401995", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Permissions Required"]}], "published": "2026-02-03T02:16:09.593", "last_modified": "2026-04-14T13:26:32.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11896, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24465", "description": "Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. 
A crafted packet may lead to arbitrary code execution.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-121"], "affected_products": [{"vendor": "elecom", "product": "wab-s300iw-pd_firmware", "cpe": "cpe:2.3:o:elecom:wab-s300iw-pd_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wab-s733iw-pd_firmware", "cpe": "cpe:2.3:o:elecom:wab-s733iw-pd_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wrc-x1500gsa-b_firmware", "cpe": "cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wrc-x1500gs-b_firmware", "cpe": "cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wab-s300iw2-pd_firmware", "cpe": "cpe:2.3:o:elecom:wab-s300iw2-pd_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wab-s300iw-ac_firmware", "cpe": "cpe:2.3:o:elecom:wab-s300iw-ac_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wab-s733iw2-pd_firmware", "cpe": "cpe:2.3:o:elecom:wab-s733iw2-pd_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "elecom", "product": "wab-s733iw-ac_firmware", "cpe": "cpe:2.3:o:elecom:wab-s733iw-ac_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://jvn.jp/en/jp/JVN94012927/", "source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"]}, {"url": "https://www.elecom.co.jp/news/security/20260203-01/", "source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"]}, {"url": "https://www.elecom.co.jp/news/security/20260203-02/", "source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"]}], "published": "2026-02-03T07:16:13.127", "last_modified": "2026-04-14T12:59:18.737", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08052, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": 
{"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2634", "description": "Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975529", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-12/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:23.810", "last_modified": "2026-04-13T15:17:20.170", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2757", "description": "Incorrect boundary conditions in the WebRTC: Audio/Video component. 
This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1384"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2001637", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:23.927", "last_modified": "2026-04-13T15:17:20.360", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", 
"ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2758", "description": "Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009608", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.037", "last_modified": "2026-04-13T15:17:20.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": 
null, "epss_score": 0.00066, "epss_percentile": 0.20384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2759", "description": "Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1384"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010933", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": 
["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.147", "last_modified": "2026-04-13T15:17:20.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2762", "description": "Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-190", "CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011649", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor 
Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.480", "last_modified": "2026-04-13T15:17:21.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.2006, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2763", "description": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012018", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.620", "last_modified": "2026-04-13T15:17:21.500", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06239, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2764", "description": "JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.737", "last_modified": "2026-04-13T15:17:21.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06451, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for 
Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2765", "description": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013562", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.860", "last_modified": "2026-04-13T15:17:21.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06124, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2766", "description": "Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:24.973", "last_modified": "2026-04-13T15:17:22.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06124, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2767", "description": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.080", "last_modified": "2026-04-13T15:17:22.853", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, 
"epss_percentile": 0.1494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2770", "description": "Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014585", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.397", "last_modified": "2026-04-13T15:17:23.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2771", "description": "Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-125"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014593", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": 
["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.497", "last_modified": "2026-04-13T15:17:23.603", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2772", "description": "Use-after-free in the Audio/Video: Playback component. 
This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014827", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.603", "last_modified": "2026-04-13T15:17:23.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for 
Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2773", "description": "Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014832", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.703", "last_modified": 
"2026-04-13T15:17:23.983", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07823, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2774", "description": "Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-190", "CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014883", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.810", "last_modified": "2026-04-13T15:17:24.183", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2775", "description": "Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.917", "last_modified": "2026-04-13T15:17:24.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07551, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2777", "description": "Privilege escalation in the Messaging System component. 
This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-269"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015305", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.123", "last_modified": "2026-04-13T15:17:24.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00064, "epss_percentile": 0.19831, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege 
Escalation", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2779", "description": "Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164141", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.330", "last_modified": "2026-04-13T15:17:25.303", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.2006, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2780", "description": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-269"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007829", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.437", "last_modified": "2026-04-13T15:17:25.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03974, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2781", "description": "Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-190", "CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00012.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-02-24T14:16:26.533", "last_modified": 
"2026-04-13T15:17:25.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2782", "description": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-269"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010743", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.640", "last_modified": "2026-04-13T15:17:25.930", "days_since_publish": 999, "source": 
"nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15706, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2784", "description": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012984", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.847", "last_modified": 
"2026-04-13T15:17:26.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19439, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2785", "description": "Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-824", "CWE-824"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013549", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.950", "last_modified": "2026-04-13T15:17:26.507", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.1494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2786", "description": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013612", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.053", "last_modified": "2026-04-13T15:17:26.700", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.1494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2787", "description": "Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014560", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": 
"security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.157", "last_modified": "2026-04-13T15:17:26.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2788", "description": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014824", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.260", "last_modified": "2026-04-13T15:17:27.087", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06239, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2789", "description": "Use-after-free in the Graphics: ImageLib component. 
This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015179", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.370", "last_modified": "2026-04-13T15:17:27.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for 
Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2790", "description": "Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008426", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.473", "last_modified": "2026-04-13T15:17:27.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05881, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2791", "description": "Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015220", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.580", "last_modified": "2026-04-13T15:17:27.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07405, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, 
"ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2792", "description": "Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.680", "last_modified": "2026-04-13T15:17:27.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.0007, "epss_percentile": 0.21285, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2793", "description": "Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.787", "last_modified": "2026-04-13T15:17:28.113", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00071, "epss_percentile": 0.21643, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2795", "description": "Use-after-free in the JavaScript: GC component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010940", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.000", "last_modified": "2026-04-13T15:17:28.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13996, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2796", "description": "JIT miscompilation in the JavaScript: WebAssembly component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-843", "CWE-843"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013165", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.100", "last_modified": "2026-04-13T15:17:28.997", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00087, "epss_percentile": 0.24915, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2797", "description": "Use-after-free in the JavaScript: GC component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013561", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.200", "last_modified": "2026-04-13T15:17:29.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13996, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2799", "description": "Use-after-free in the DOM: Core & HTML component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014551", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.400", "last_modified": "2026-04-13T15:17:30.013", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13996, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2800", "description": "Spoofing issue in the WebAuthn component in Firefox for Android. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988145", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.503", "last_modified": "2026-04-13T15:17:30.570", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.1846, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2805", "description": "Invalid pointer in the DOM: Core & HTML component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-824"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014549", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:29.010", "last_modified": "2026-04-13T15:17:31.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05786, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2807", "description": "Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1756056%2C1999402%2C2004872%2C2006037%2C2012855", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:29.220", "last_modified": "2026-04-13T15:17:32.213", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18981, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28292", "description": "`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. 
Version 3.23.0 contains an updated fix for the vulnerability.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78", "CWE-178"], "affected_products": [{"vendor": "simple-git_project", "product": "simple-git", "cpe": "cpe:2.3:a:simple-git_project:simple-git:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/steveukx/git-js/commit/f7042088aa2dac59e3c49a84d7a2f4b26048a257", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/steveukx/git-js/security/advisories/GHSA-r275-fr43-pm7q", "source": "security-advisories@github.com", "tags": []}, {"url": "https://www.codeant.ai/security-research/security-research-simple-git-remote-code-execution-cve-2026-28292", "source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-03-10T19:17:20.840", "last_modified": "2026-04-14T16:16:38.047", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00092, "epss_percentile": 0.25763, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2017-20223", "description": "Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. 
Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-639"], "affected_products": [{"vendor": "telesquare", "product": "sdt-cs3b1_firmware", "cpe": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2017120297", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136993", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/145551", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/43402/", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-03-16T14:17:52.347", "last_modified": "2026-04-14T16:57:27.823", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21285, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32191", "description": "Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an 
unauthorized attacker to execute code over a network.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [{"vendor": "microsoft", "product": "bing_images", "cpe": "cpe:2.3:a:microsoft:bing_images:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32191", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-19T21:17:10.400", "last_modified": "2026-04-14T16:35:56.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26731, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32194", "description": "Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77"], "affected_products": [{"vendor": "microsoft", "product": "bing_images", "cpe": "cpe:2.3:a:microsoft:bing_images:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32194", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-19T22:16:41.130", "last_modified": "2026-04-14T16:35:28.323", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26731, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], 
"nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-44722", "description": "SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-94"], "affected_products": [{"vendor": "anolis", "product": "sysak", "cpe": "cpe:2.3:a:anolis:sysak:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://gist.github.com/0x00dream2/9984c109101c0b1e352f8ee9ad5e40fe#file-cve-2024-44722", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://gitee.com/anolis/sysak", "source": "cve@mitre.org", "tags": ["Product"]}], "published": "2026-03-20T14:16:13.373", "last_modified": "2026-04-14T20:48:22.810", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00085, "epss_percentile": 0.24599, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4691", "description": "Use-after-free in the CSS Parsing and Computation component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.937", "last_modified": "2026-04-13T15:17:37.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4696", "description": "Use-after-free 
in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.590", "last_modified": "2026-04-13T15:17:38.810", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-4698", "description": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-843", "CWE-843"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.783", "last_modified": "2026-04-13T15:17:39.170", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4700", "description": 
"Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.003", "last_modified": "2026-04-13T15:17:39.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05885, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4701", "description": "Use-after-free in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.103", "last_modified": "2026-04-13T15:17:39.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4702", "description": "JIT miscompilation in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-843", "CWE-843"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.207", "last_modified": "2026-04-13T15:17:39.957", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4705", "description": "Undefined behavior in the WebRTC: Signaling component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-758"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.403", "last_modified": "2026-04-13T15:17:40.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05552, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4710", "description": "Incorrect boundary conditions in the Audio/Video component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:06.910", "last_modified": "2026-04-13T15:17:42.167", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4711", "description": "Use-after-free in the Widget: 
Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017002", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.010", "last_modified": "2026-04-13T15:17:42.370", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4717", "description": "Privilege escalation in the Netmonitor component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.600", "last_modified": "2026-04-13T15:17:43.440", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4720", "description": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-120"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:07.893", "last_modified": "2026-04-13T15:17:44.017", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4721", 
"description": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-120"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": 
"security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:07.990", "last_modified": "2026-04-13T15:17:44.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06159, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4723", "description": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013573", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:08.190", "last_modified": "2026-04-13T15:17:44.557", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05283, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4729", "description": "Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-120"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1944033%2C1997282%2C2009213%2C2011412%2C2021925%2C2022034", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:08.830", "last_modified": "2026-04-13T15:17:45.597", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05283, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33729", "description": "OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. 
In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Users are affected if the model has relations which rely on condition evaluation and caching is enabled. OpenFGA v1.13.1 contains a patch.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-20", "CWE-345", "CWE-1289"], "affected_products": [{"vendor": "openfga", "product": "openfga", "cpe": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/openfga/openfga/commit/049b50ccd2cc7e163bd897f3d17a7b859ad146f8", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/openfga/openfga/releases/tag/v1.13.1", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-27T01:16:20.367", "last_modified": "2026-04-14T01:04:41.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03357, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35053", "description": "OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. 
An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. This issue has been patched in version 10.0.42.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-306"], "affected_products": [{"vendor": "hackerbay", "product": "oneuptime", "cpe": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.42", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-6c3w-7xg4-4cf7", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-02T20:16:29.117", "last_modified": "2026-04-13T18:46:50.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00115, "epss_percentile": 0.30087, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34934", "description": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. 
This issue has been patched in version 4.5.90.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "praison", "product": "praisonai", "cpe": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.533", "last_modified": "2026-04-14T18:15:14.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19398, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34935", "description": "PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. 
This issue has been patched in version 4.5.69.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [{"vendor": "praison", "product": "praisonai", "cpe": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/commit/47bff65413beaa3c21bf633c1fae4e684348368c", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9gm9-c8mq-vq7m", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.693", "last_modified": "2026-04-14T18:14:51.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0011, "epss_percentile": 0.2927, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5731", "description": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-119"], "affected_products": [], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021894%2C2022225%2C2022252%2C2022294%2C2023007%2C2023130%2C2023191%2C2023364%2C2023829%2C2024074%2C2024417%2C2024433%2C2024436%2C2024437%2C2024453%2C2024461%2C2024462%2C2024472%2C2024474%2C2024477%2C2025364%2C2025401%2C2025402%2C2025472%2C2026287%2C2026299%2C2026305%2C2026426", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-26/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "source": "security@mozilla.org", "tags": []}], "published": "2026-04-07T13:16:47.347", "last_modified": "2026-04-13T15:17:46.240", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00072, "epss_percentile": 0.21832, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5734", "description": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and 
Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-120"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "source": "security@mozilla.org", "tags": []}], "published": "2026-04-07T13:16:47.667", "last_modified": "2026-04-13T15:17:46.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18514, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", 
"tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5735", "description": "Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2C2025477", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "source": "security@mozilla.org", "tags": []}], "published": "2026-04-07T13:16:47.763", "last_modified": "2026-04-13T15:17:47.010", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16248, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-52909", "description": "An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 2 of 2.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-120"], "affected_products": [{"vendor": "samsung", "product": "exynos_1280_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1330_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1380_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1480_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1580_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_850_firmware", "cpe": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_980_firmware", "cpe": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w930_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w920_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w1000_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52909/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T15:17:32.490", "last_modified": 
"2026-04-13T16:17:47.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16359, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62818", "description": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI and UDL values when processing an SMS TP-UD packet.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "samsung", "product": "exynos_990_firmware", "cpe": "cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_980_firmware", "cpe": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_850_firmware", "cpe": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1080_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1280_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1330_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1380_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1480_firmware", "cpe": 
"cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_1580_firmware", "cpe": "cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_9110_firmware", "cpe": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_2100_firmware", "cpe": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_2200_firmware", "cpe": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_2400_firmware", "cpe": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_2500_firmware", "cpe": "cpe:2.3:o:samsung:exynos_2500_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w930_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w920_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_w1000_firmware", "cpe": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_modem_5400_firmware", "cpe": "cpe:2.3:o:samsung:exynos_modem_5400_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_modem_5300_firmware", "cpe": "cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "exynos_modem_5123_firmware", "cpe": "cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62818/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T15:17:34.060", "last_modified": "2026-04-13T15:31:39.197", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16059, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30079", "description": "In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a registration accept! This leads the UE to be registered without proper authentication.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-288"], "affected_products": [{"vendor": "openairinterface", "product": "oai-cn5g-amf", "cpe": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/77", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}], "published": "2026-04-07T15:17:38.267", "last_modified": "2026-04-14T15:45:37.633", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.2041, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35458", "description": "Gotenberg is an API for converting document formats. 
In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1333"], "affected_products": [{"vendor": "thecodingmachine", "product": "gotenberg", "cpe": "cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-fmwg-qcqh-m992", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-07T15:17:43.733", "last_modified": "2026-04-14T20:27:23.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.1751, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4277", "description": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdd permissions on inline model instances were not validated on submission of\r\nforged `POST` data in `GenericInlineModelAdmin`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank N05ec@LZU-DSLab for reporting this issue.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-862"], "affected_products": [{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": 
"djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Release Notes"]}, {"url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-04-07T15:17:46.500", "last_modified": "2026-04-13T17:37:29.620", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17421, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33815", "description": "Memory-safety vulnerability in github.com/jackc/pgx/v5.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [{"vendor": "pgx_project", "product": "pgx", "cpe": "cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*"}], "references": [{"url": "https://pkg.go.dev/vuln/GO-2026-4771", "source": "security@golang.org", "tags": ["Third Party Advisory"]}], "published": "2026-04-07T16:16:24.813", "last_modified": "2026-04-14T19:58:43.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.1751, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, 
"ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33816", "description": "Memory-safety vulnerability in github.com/jackc/pgx/v5.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [{"vendor": "pgx_project", "product": "pgx", "cpe": "cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*"}], "references": [{"url": "https://pkg.go.dev/vuln/GO-2026-4772", "source": "security@golang.org", "tags": ["Third Party Advisory"]}], "published": "2026-04-07T16:16:24.920", "last_modified": "2026-04-14T20:01:07.160", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.1751, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35490", "description": "changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. 
This vulnerability is fixed in 0.54.8.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-863"], "affected_products": [{"vendor": "webtechnologies", "product": "changedetection", "cpe": "cpe:2.3:a:webtechnologies:changedetection:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-07T16:16:27.317", "last_modified": "2026-04-14T20:27:38.793", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35614", "description": "Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. 
This vulnerability is fixed in 16.14.0 and 15.104.0.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "frappe", "product": "frappe", "cpe": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*"}, {"vendor": "frappe", "product": "frappe", "cpe": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/frappe/frappe/security/advisories/GHSA-583g-fg76-fhfr", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T17:16:35.753", "last_modified": "2026-04-13T12:57:24.910", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.1128, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31272", "description": "MRCMS 3.1.2 contains an access control vulnerability. 
The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-284"], "affected_products": [{"vendor": "mrcms", "product": "mrcms", "cpe": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/clockw1se0v0/Vul/blob/main/MRCMS/Unauthorized.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-07T18:16:41.143", "last_modified": "2026-04-14T19:32:49.733", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18708, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27143", "description": "Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. 
As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763765", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78333", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4868", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.017", "last_modified": "2026-04-13T19:16:38.737", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.0661, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39620", "description": "Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/appointment/vulnerability/wordpress-appointment-theme-3-5-5-cross-site-request-forgery-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:32.110", "last_modified": "2026-04-14T15:16:35.553", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 
0.00011, "epss_percentile": 0.01302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39640", "description": "Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/theme-editor/vulnerability/wordpress-theme-editor-plugin-3-2-cross-site-request-forgery-csrf-to-remote-code-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:34.803", "last_modified": "2026-04-14T15:16:36.830", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31040", "description": "A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-94"], "affected_products": [{"vendor": "statamcp", "product": 
"stata-mcp", "cpe": "cpe:2.3:a:statamcp:stata-mcp:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/SepineTam/stata-mcp/commit/52413ce", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://github.com/SepineTam/stata-mcp/issues/20", "source": "cve@mitre.org", "tags": ["Vendor Advisory", "Issue Tracking"]}, {"url": "https://github.com/SepineTam/stata-mcp/pull/21", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://github.com/SepineTam/stata-mcp/releases/tag/v1.13.0", "source": "cve@mitre.org", "tags": ["Release Notes"]}, {"url": "https://github.com/SepineTam/stata-mcp/issues/20", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Issue Tracking"]}], "published": "2026-04-08T16:16:22.977", "last_modified": "2026-04-14T19:31:55.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00128, "epss_percentile": 0.32213, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33229", "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of the whole instance. Note that script right already constitutes a high level of access that we don't recommend giving to untrusted users. 
This vulnerability is fixed in 17.4.8 and 17.10.1.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-862"], "affected_products": [{"vendor": "xwiki", "product": "xwiki", "cpe": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"}, {"vendor": "xwiki", "product": "xwiki", "cpe": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/commit/9fe84da66184c05953df9466cf3a4acd15a46e63", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h259-74h5-4rh9", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-23698", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-23702", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-08T16:16:23.430", "last_modified": "2026-04-14T20:08:07.927", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00147, "epss_percentile": 0.35094, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-52221", "description": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787", "CWE-120"], "affected_products": [{"vendor": "tenda", "product": 
"ac6_firmware", "cpe": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16_multi:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAc6_formSetCfm_funcname_overflow/detail.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T18:24:51.257", "last_modified": "2026-04-13T11:36:50.943", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16551, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5874", "description": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485397279", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.003", "last_modified": "2026-04-13T17:57:38.287", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00118, "epss_percentile": 0.30601, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5902", "description": "Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-362", "CWE-362"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/483109205", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:30.080", "last_modified": "2026-04-13T21:14:13.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00096, "epss_percentile": 0.26623, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1830", "description": "The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. 
This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/quick-playground/trunk/api.php#L39", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/quick-playground/trunk/expro-api.php#L419", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3500839%40quick-playground&new=3500839%40quick-playground&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/308cd28a-a477-4bc6-a392-ad5a9eca1cb5?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T05:16:03.420", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00178, "epss_percentile": 0.39408, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5442", "description": "A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. 
This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.543", "last_modified": "2026-04-14T20:19:46.320", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5443", "description": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. 
If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-787"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.653", "last_modified": "2026-04-14T20:19:55.763", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31170", "description": "An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-77"], "affected_products": [], "references": [{"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-stun-pass-cmd-injection", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-stun-pass-cmd-injection", "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T19:16:23.580", "last_modified": "2026-04-14T17:16:49.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02195, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13926", "description": "An attacker could use data obtained by sniffing the network traffic to \nforge packets in order to make arbitrary requests to Contemporary \nControls BASC 20T.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-807", "CWE-807"], "affected_products": [], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-01.json", "source": "ics-cert@hq.dhs.gov", "tags": []}, {"url": "https://www.ccontrols.com/support/contacttech.htm", "source": "ics-cert@hq.dhs.gov", "tags": []}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01", "source": "ics-cert@hq.dhs.gov", "tags": []}], "published": "2026-04-09T20:16:23.807", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00071, "epss_percentile": 0.21583, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40088", "description": "PraisonAI is a multi-agent teams system. 
Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/releases/tag/v4.5.121", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2763-cj5r-c79m", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:27.597", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16052, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33784", "description": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\n\nvLWC software images ship with an initial password for a high privileged account. 
A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1393"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107871", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:27.820", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12437, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34424", "description": "Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. 
Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-506"], "affected_products": [], "references": [{"url": "https://mysites.guru/blog/smart-slider-3-pro-supply-chain-compromise/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://patchstack.com/articles/critical-supply-chain-compromise-in-smart-slider-3-pro-full-malware-analysis/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://patchstack.com/database/wordpress/plugin/nextend-smart-slider3-pro/vulnerability/wordpress-smart-slider-3-plugin-3-5-1-35-backdoor-vulnerability", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://smartslider.helpscoutdocs.com/article/2143-joomla-security-advisory-smart-slider-3-pro-3-5-1-35-compromise", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-slider-3-pro-3-5-1-35-compromise", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T23:17:00.540", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00152, "epss_percentile": 0.35907, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1115", "description": "A Stored Cross-Site Scripting (XSS) vulnerability was 
identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned to the `DBPost` model without sanitization. This allows attackers to inject and store malicious JavaScript, which is executed in the browsers of users viewing the Home Feed, including administrators. This can lead to account takeover, session hijacking, and wormable attacks. The issue is resolved in version 2.2.0.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/parisneo/lollms/commit/9767b882dbc893c388a286856beeaead69b8292a", "source": "security@huntr.dev", "tags": []}, {"url": "https://huntr.com/bounties/099aa4fe-7165-4337-889c-3fb4f1aa71aa", "source": "security@huntr.dev", "tags": []}, {"url": "https://huntr.com/bounties/099aa4fe-7165-4337-889c-3fb4f1aa71aa", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T07:16:20.750", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13571, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6057", "description": "FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.", "cvss_score": 9.8, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/FalkorDB/falkordb-browser", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "tags": []}, {"url": "https://github.com/FalkorDB/falkordb-browser/pull/1611", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "tags": []}], "published": "2026-04-10T10:16:04.547", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00111, "epss_percentile": 0.29463, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-44560", "description": "owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-120"], "affected_products": [], "references": [{"url": "https://gist.github.com/wenwenyuyu/517851c3fe38c4f97b2d1940597da2d3", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/owntone/owntone-server/issues/1873", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T15:16:22.743", "last_modified": "2026-04-14T15:16:23.843", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29861", "description": "PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/amanyadav78/CVE-2026-29861", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T15:16:23.477", "last_modified": "2026-04-14T15:16:26.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36232", "description": "A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. 
The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "itsourcecode", "product": "online_student_enrollment_system", "cpe": "cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_instructorClasses.php_sql_injection.pdf", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-10T15:16:24.697", "last_modified": "2026-04-14T17:40:07.983", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36233", "description": "A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. 
The issue is that the \"subjcode\" parameter is used directly in SQL queries without appropriate sanitization or validation, which lets attackers inject malicious code through it.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "itsourcecode", "product": "online_student_enrollment_system", "cpe": "cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_assignInstructorSubjects.php_sql_injection.pdf", "source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}], "published": "2026-04-10T15:16:24.820", "last_modified": "2026-04-14T17:40:18.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36234", "description": "itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "itsourcecode", "product": "online_student_enrollment_system", "cpe": "cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_newCourse.php_sql_injection.pdf", "source":
"cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}], "published": "2026-04-10T15:16:24.953", "last_modified": "2026-04-14T17:40:46.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36235", "description": "A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "itsourcecode", "product": "online_student_enrollment_system", "cpe": "cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_scheduleSubList.php_sql_injection.pdf", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-10T15:16:25.077", "last_modified": "2026-04-14T17:40:30.570", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": 
"LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36236", "description": "SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [{"vendor": "janobe", "product": "engineers_online_portal", "cpe": "cpe:2.3:a:janobe:engineers_online_portal:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Amorsec/CVE-PHP/blob/main/sourcecodester-Engineers_Online_Portal_in_PHP_update_password.php_sql_injection.pdf", "source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}], "published": "2026-04-10T15:16:25.197", "last_modified": "2026-04-14T17:42:10.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23781", "description": "An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. 
If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-798"], "affected_products": [], "references": [{"url": "https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9022/Patches/Control-M-MFT-PAAFP-9-0-22-025/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.bmc.com/support/resources/issue-defect-management.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:30.400", "last_modified": "2026-04-14T15:16:26.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05866, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078.001", "name": "Default Accounts", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30232", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. 
This vulnerability is fixed in 4.8.5.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "depomo", "product": "chartbrew", "cpe": "cpe:2.3:a:depomo:chartbrew:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-10T20:16:21.323", "last_modified": "2026-04-14T17:26:55.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40189", "description": "goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload, create directories with ?mkdir, and delete files with ?delete inside a .goshs-protected directory. By deleting the .goshs file itself, the attacker can remove the folder's auth policy and then access previously protected content without credentials. This results in a critical authorization bypass affecting confidentiality, integrity, and availability. 
This vulnerability is fixed in 2.0.0-beta.4.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-862"], "affected_products": [{"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:*:*:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta1:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta2:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta3:*:*:*:go:*:*"}], "references": [{"url": "https://github.com/patrickhener/goshs/commit/f212c4f4a126556bab008f79758e21a839ef2c0f", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.4", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-wvhv-qcqf-f3cx", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-wvhv-qcqf-f3cx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-10T20:16:23.890", "last_modified": "2026-04-14T20:08:54.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00105, "epss_percentile": 0.28469, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25709", "description": "CF Image Hosting Script 1.6.5 allows unauthenticated 
attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-552"], "affected_products": [], "references": [{"url": "http://forum.codefuture.co.uk/showthread.php?tid=73141", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://davidtavarez.github.io/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46094", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/cf-image-hosting-script-unauthorized-database-access", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.950", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.18103, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31282", "description": "Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. 
An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://github.com/saykino/CVE-2026-31282", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.totara.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:33.100", "last_modified": "2026-04-14T17:16:50.023", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31283", "description": "In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. 
This can be used for an Email Bombing attack.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/saykino/CVE-2026-31283", "source": "cve@mitre.org", "tags": []}, {"url": "https://totara.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:33.220", "last_modified": "2026-04-14T17:16:50.190", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40042", "description": "Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper.
Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-403"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-wiki-textparser-xml-external-entity-injection", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5984.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:51.960", "last_modified": "2026-04-13T19:16:51.960", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13809, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40044", "description": "Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. 
Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-filecache-deserialization-remote-code-execution", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5986.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:52.290", "last_modified": "2026-04-13T19:16:52.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00136, "epss_percentile": 0.33334, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22562", "description": "A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port  (Version 1.0.24 and earlier)  \nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port  to Version 1.1.9 or later", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": 
"https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-13T22:16:27.870", "last_modified": "2026-04-13T22:16:27.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00114, "epss_percentile": 0.2989, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22563", "description": "A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier) \nUniFi Play Audio Port  (Version 1.0.24 and earlier)  \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later \nUpdate UniFi Play Audio Port  to Version 1.1.9 or later", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-13T22:16:28.050", "last_modified": "2026-04-13T22:16:28.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00083, "epss_percentile": 0.24152, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-22564", "description": "An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.  \n\nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier) \nUniFi Play Audio Port  (Version 1.0.24 and earlier)  \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later \nUpdate UniFi Play Audio Port  to Version 1.1.9 or later", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-13T22:16:28.187", "last_modified": "2026-04-13T22:16:28.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02907, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40288", "description": "PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with type: job, the JobWorkflowExecutor in job_workflow.py processes steps that support run: (shell commands via subprocess.run()), script: (inline Python via exec()), and python: (arbitrary Python script execution)—all without any validation, sandboxing, or user confirmation. 
The affected code paths include action_run() in workflow.py and _exec_shell(), _exec_inline_python(), and _exec_python_script() in job_workflow.py. An attacker who can supply or influence a workflow YAML file (particularly in CI pipelines, shared repositories, or multi-tenant deployment environments) can achieve full arbitrary command execution on the host system, compromising the machine and any accessible data or credentials. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-vc46-vw85-3wvm", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T04:17:12.210", "last_modified": "2026-04-14T04:17:12.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-63939", "description": "Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:33.660", 
"last_modified": "2026-04-14T18:16:40.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-65135", "description": "In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65135/poc.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T16:16:34.503", "last_modified": "2026-04-14T18:16:41.207", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39808", "description": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow 
an attacker to execute unauthorized code or commands via an attack vector that the description leaves unspecified.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-100", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:44.860", "last_modified": "2026-04-14T16:16:44.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39813", "description": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via an attack vector that the description leaves unspecified.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-24"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.680", "last_modified": "2026-04-14T16:16:45.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27303", "description": "Adobe
Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.", "cvss_score": 9.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:56.633", "last_modified": "2026-04-14T18:16:56.633", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 28.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33824", "description": "Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.", "cvss_score": 9.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:34.767", "last_modified": "2026-04-14T18:17:34.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 29, "ats_level": "LOW", "ats_breakdown": {"severity": 29.4, "exploit_probability": 
0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1015", "description": "The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939458", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": []}], "published": "2025-02-04T14:15:32.363", "last_modified": "2026-04-13T15:16:50.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.25193, "epss_percentile": 0.96188, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/r3m0t3nu11/CVE-2025-1015", "name": "r3m0t3nu11/CVE-2025-1015", "stars": 3, "description": "an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. 
If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript"}], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 16.2, "exploit_probability": 6.3, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40154", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-829"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pv9q-275h-rh7x", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:36.503", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33707", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. 
An attacker who knows a user's email can compute the reset token and change the victim's password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 9.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss_severity": "CRITICAL", "cwes": ["CWE-640"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/078d7e5b77679fa7ccfcd6783bd5cc683db0bda8", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/750a45312a0d5c3ad60dbfbd0d959ca40be4a18c", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-f27g-66gq-g7v2", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.950", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20204, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 28.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31845", "description": "A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type restrictions.\n\nThe vulnerable code is:\n\nif (isset($_GET['zd_echo'])) exit($_GET['zd_echo']);\n\nAn unauthenticated attacker can exploit this issue by crafting a malicious URL containing JavaScript payloads. 
When a victim visits the link, the payload executes in the context of the application within the victim's browser, potentially leading to session hijacking, credential theft, phishing, or account takeover.\n\nThe issue is fixed in version 3.7, which introduces proper input validation and output encoding to prevent script injection.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://forum.rukovoditel.net/viewtopic.php?p=22499#p22499", "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "tags": []}], "published": "2026-04-11T19:16:28.537", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03937, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27243", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 
Scope is changed.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:55.730", "last_modified": "2026-04-14T18:16:55.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27245", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 
Scope is changed.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:55.890", "last_modified": "2026-04-14T18:16:55.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27246", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:56.050", "last_modified": "2026-04-14T18:16:56.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32201", "description": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "microsoft", "product": "sharepoint_server", "cpe": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*"}, {"vendor": "microsoft", "product": "sharepoint_server", "cpe": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"}, {"vendor": "microsoft", "product": "sharepoint_server", "cpe": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}], "published": "2026-04-14T18:17:27.160", "last_modified": 
"2026-04-14T19:37:08.297", "days_since_publish": 999, "source": "nvd", "in_kev": true, "kev_data": {"vendor": "Microsoft", "product": "SharePoint Server", "vulnerability_name": "Microsoft SharePoint Server Improper Input Validation Vulnerability", "date_added": "2026-04-14", "due_date": "2026-04-28", "ransomware_use": "Unknown", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."}, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 8, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34615", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 
Scope is changed.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:36.373", "last_modified": "2026-04-14T18:17:36.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5752", "description": "Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.", "cvss_score": 9.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/cohere-ai/cohere-terrarium", "source": "cret@cert.org", "tags": []}, {"url": "https://kb.cert.org/vuls/id/414811", "source": "cret@cert.org", "tags": []}], "published": "2026-04-14T18:17:39.360", "last_modified": "2026-04-14T20:16:48.400", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 28, "ats_level": "LOW", "ats_breakdown": {"severity": 27.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-36323", "description": "Affected devices do not properly sanitize an 
input field.  This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-74"], "affected_products": [{"vendor": "siemens", "product": "scalance_m-800_firmware", "cpe": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_s615_firmware", "cpe": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc-600_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc622-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc632-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc636-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc642-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc646-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ax_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ac_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": 
"scalance_xb205-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb205-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208_firmware", 
"cpe": "cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_\\(e\\/ip\\)_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xc224-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf-200ba_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_dna_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_irt_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm400_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_\\(eip\\)_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xp208_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_\\(eip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr326-2c_poe_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr326-2c_poe_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr328-4c_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr328-4c_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr500_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_l3_firmware", "cpe": "cpe:2.3:h:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "scalance_xr528-6m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}], "published": "2022-08-10T12:15:12.863", "last_modified": "2026-04-14T09:16:29.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.006, "epss_percentile": 0.69456, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.1, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-44373", "description": "Affected devices do not properly sanitize an input field.  This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-74"], "affected_products": [{"vendor": "siemens", "product": "6gk5205-3bb00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bb00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bb00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bb00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bd00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bd00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bd00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bd00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bf00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bf00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bf00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bf00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bd00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bd00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bd00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bd00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bb00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bb00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5213-3bb00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bb00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bf00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bf00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bf00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bf00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2tb2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bd00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bd00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bb00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bb00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2rs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2rs00-5ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-5fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2rs00-5fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bs00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2gs00-2tc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2fc2_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2tc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ra00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ra00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ra00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-3rs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-3rs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-3rs00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-3rs00-5ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4bs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4bs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2tc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5216-0ba00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-0ba00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2tc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2fc2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-0ba00-2gf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-0ba00-2gf2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-0ba00-2yf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-0ba00-2yf2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-2aa00-2gf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-2aa00-2gf2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-2aa00-2yf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-2aa00-2yf2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2as6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2as6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2ts6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2ts6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2es6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ua00-5es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ua00-5es6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2as6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ha00-2as6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2ts6_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5216-0ha00-2ts6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ha00-2es6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ua00-5es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ua00-5es6_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5324-0ba00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5324-0ba00-3ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5324-0ba00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5324-0ba00-2ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5326-2qs00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5326-2qs00-3ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5326-2qs00-3rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5326-2qs00-3rr3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-3ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-3rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-3rr3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-2ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-2rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-2rr3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4ss00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4ss00-3ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4ss00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4ss00-2ar3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1206-2bb00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1206-2bb00-7ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1206-2bs00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1206-2bs00-7ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6ag1208-0ba00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1208-0ba00-7ac2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1216-4bs00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1216-4bs00-7ac2_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf", "source": "productcert@siemens.com", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, 
{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}], "published": "2023-11-14T11:15:13.417", "last_modified": "2026-04-14T09:16:33.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00533, "epss_percentile": 0.67387, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1941", "description": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-284"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944665", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.063", "last_modified": "2026-04-13T15:16:53.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.20443, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4083", "description": "A process isolation 
vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-653"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": 
"2025-04-29T14:15:35.003", "last_modified": "2026-04-13T15:16:59.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00406, "epss_percentile": 0.61076, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6427", "description": "An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966927", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}], "published": "2025-06-24T13:15:23.650", "last_modified": "2026-04-13T15:17:06.703", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00087, "epss_percentile": 0.24966, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8037", "description": "Setting a nameless 
cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-614"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964767", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:50.860", "last_modified": "2026-04-13T15:17:10.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.15144, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2025-54145", "description": "The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946122", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:27.843", "last_modified": "2026-04-13T15:17:02.177", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13946, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11717", "description": "When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. 
This vulnerability was fixed in Firefox 144.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1872601", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:38.033", "last_modified": "2026-04-13T15:16:40.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13307, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-68145", "description": "In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. 
Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-22"], "affected_products": [{"vendor": "lfprojects", "product": "model_context_protocol_servers", "cpe": "cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-j22h-9j4x-23w5", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2025-12-17T23:16:04.857", "last_modified": "2026-04-14T15:13:35.400", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00095, "epss_percentile": 0.2632, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40892", "description": "A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. 
When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.", "cvss_score": 8.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [{"vendor": "nozominetworks", "product": "cmc", "cpe": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*"}, {"vendor": "nozominetworks", "product": "guardian", "cpe": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.nozominetworks.com/NN-2025:13-01", "source": "prodsec@nozominetworks.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-12-18T14:15:59.457", "last_modified": "2026-04-14T10:16:27.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 26.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23527", "description": "H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for \"chunked\", but per the RFC, this header should be case-insensitive. 
This vulnerability is fixed in 1.15.5.", "cvss_score": 8.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-444"], "affected_products": [{"vendor": "h3", "product": "h3", "cpe": "cpe:2.3:a:h3:h3:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/h3js/h3/commit/618ccf4f37b8b6148bea7f36040471af45bfb097", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/h3js/h3/releases/tag/v1.15.5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/h3js/h3/security/advisories/GHSA-mp2g-9vg9-f4cg", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://simonkoeck.com/writeups/h3-transfer-encoding-request-smuggling", "source": "security-advisories@github.com", "tags": []}], "published": "2026-01-15T20:16:05.620", "last_modified": "2026-04-13T17:16:27.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.10877, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 26.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2806", "description": "Uninitialized memory in the Graphics: Text component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-908", "CWE-457"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006199", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:29.113", "last_modified": "2026-04-13T15:17:32.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18981, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40931", "description": "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.\n\nApache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. 
Predictable session ids could allow an attacker to gain access to systems.\n\nNote that the libapache-session-perl package in some Debian-based Linux distributions may be patched to use Crypt::URandom.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-338", "CWE-340"], "affected_products": [{"vendor": "chorny", "product": "apache\\", "cpe": "cpe:2.3:a:chorny:apache\\:\\:session\\:\\:generate\\:\\:md5:*:*:*:*:*:perl:*:*"}], "references": [{"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930659", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://github.com/chorny/Apache-Session/issues/4", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Issue Tracking"]}, {"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/1633", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product"]}, {"url": "https://metacpan.org/pod/Apache::Session::Generate::Random", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://rt.cpan.org/Ticket/Display.html?id=173631", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Third Party Advisory"]}, {"url": "https://salsa.debian.org/perl-team/modules/packages/libapache-session-perl/-/commit/bdabd71c2f91b18526e31a9dc52b4c17b3d246b7#898a4b8b00022df1b8689910b67707f3e738d180", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://www.openwall.com/lists/oss-security/2019/06/15/1", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": 
"http://www.openwall.com/lists/oss-security/2026/03/05/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-03-05T02:16:39.960", "last_modified": "2026-04-12T18:16:38.647", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20747, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4092", "description": "Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "google", "product": "clasp", "cpe": "cpe:2.3:a:google:clasp:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/google/clasp/pull/1109", "source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch"]}], "published": "2026-03-13T19:55:13.493", "last_modified": "2026-04-14T17:34:34.770", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01122, "epss_percentile": 0.78264, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-59383", "description": "A buffer overflow vulnerability has been reported to affect 
Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming Add-on 500.1.1 and later", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-121"], "affected_products": [{"vendor": "qnap", "product": "media_streaming_add-on", "cpe": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-09", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:42.007", "last_modified": "2026-04-14T01:17:24.170", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00127, "epss_percentile": 0.32024, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4715", "description": "Uninitialized memory in the Graphics: Canvas2D component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-908", "CWE-908"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.410", "last_modified": "2026-04-13T15:17:43.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4716", "description": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-908", "CWE-908"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.503", "last_modified": "2026-04-13T15:17:43.250", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4724", "description": "Undefined behavior in the Audio/Video component. 
This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-758"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014865", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:08.280", "last_modified": "2026-04-13T15:17:44.733", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02999, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-15618", "description": "Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.\n\nBusiness::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.\n\nThis key is intended for encrypting credit card transaction data.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-338", "CWE-693"], "affected_products": [{"vendor": "mock", "product": "business\\", "cpe": 
"cpe:2.3:a:mock:business\\:\\:onlinepayment\\:\\:storedtransaction:0.01:*:*:*:*:perl:*:*"}], "references": [{"url": "https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product"]}, {"url": "https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Patch"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/31/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-03-31T11:16:11.950", "last_modified": "2026-04-13T13:20:21.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15242, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33990", "description": "Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm to an internal URL (e.g., http://127.0.0.1:3000/), causing Model Runner running on the host to make arbitrary GET requests to internal services and reflect the full response body back to the caller. Additionally, the token exchange mechanism can relay data from internal services back to the attacker-controlled registry via the Authorization: Bearer header. 
This issue has been patched in version 1.1.25. For Docker Desktop users, enabling Enhanced Container Isolation (ECI) blocks container access to Model Runner, preventing exploitation. However, if the Docker Model Runner is exposed to localhost over TCP in specific configurations, the vulnerability is still exploitable.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "docker", "product": "model_runner", "cpe": "cpe:2.3:a:docker:model_runner:*:*:*:*:*:docker:*:*"}], "references": [{"url": "https://github.com/docker/model-runner/security/advisories/GHSA-x2f5-332j-9xwq", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-04-01T17:28:39.823", "last_modified": "2026-04-14T20:08:23.340", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07407, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34559", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a malicious JavaScript payload into the tag name field, which is then stored server-side. This stored payload is later rendered unsafely across public tag pages and administrative interfaces without proper output encoding, leading to stored cross-site scripting (XSS). 
This issue has been patched in version 0.31.0.0.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "cpe": "cpe:2.3:a:ci4-cms-erp:ci4ms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-4333-387x-w245", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-4333-387x-w245", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-01T22:16:18.780", "last_modified": "2026-04-13T18:02:00.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03438, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34560", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged data, it is rendered without proper output encoding. This issue becomes a Blind XSS scenario because the attacker does not see immediate execution. Instead, the payload is stored within application logs and only executes later when an administrator views the logs page. 
This issue has been patched in version 0.31.0.0.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "cvss_severity": "CRITICAL", "cwes": ["CWE-79"], "affected_products": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "cpe": "cpe:2.3:a:ci4-cms-erp:ci4ms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-r4v5-rwr2-q7r4", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-r4v5-rwr2-q7r4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-01T22:16:19.333", "last_modified": "2026-04-13T18:00:22.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05108, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28798", "description": "ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Cloudflare Tunnel) to make requests to internal localhost services. This results in unauthenticated access to internal-only endpoints and sensitive local services when the product is reachable from the Internet through a Cloudflare Tunnel. 
This issue has been patched in version 1.5.3.", "cvss_score": 9.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "zimaspace", "product": "zimaos", "cpe": "cpe:2.3:o:zimaspace:zimaos:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/IceWhaleTech/ZimaOS/releases/tag/1.5.3", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-vqqj-f979-8c8m", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T20:16:02.433", "last_modified": "2026-04-13T18:27:54.580", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16965, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35174", "description": "Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials and overwrite critical system files, leading to remote code execution. 
This vulnerability is fixed in 2026.01.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-22", "CWE-73", "CWE-434", "CWE-22"], "affected_products": [{"vendor": "chyrplite", "product": "chyrp_lite", "cpe": "cpe:2.3:a:chyrplite:chyrp_lite:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/xenocrat/chyrp-lite/security/advisories/GHSA-p6pf-2grm-8257", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T18:16:43.677", "last_modified": "2026-04-14T15:37:14.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00456, "epss_percentile": 0.63872, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}, {"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-46945", "description": "QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "qd-today", "product": "qd", "cpe": "cpe:2.3:a:qd-today:qd:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://gist.github.com/kurokoleung/5b36b2013a54adadcce79967d3e4f056", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://qd-today.github.io/qd/", "source": "cve@mitre.org", "tags": ["Product"]}], "published": "2026-04-08T17:17:01.010", "last_modified": "2026-04-14T19:29:23.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, 
"epss_percentile": 0.1112, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31017", "description": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attacker can abuse this behavior to force the server to make arbitrary HTTP requests to internal services, including cloud metadata endpoints, potentially leading to sensitive information disclosure.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "frappe", "product": "erpnext", "cpe": "cpe:2.3:a:frappe:erpnext:16.0.1:*:*:*:*:*:*:*"}, {"vendor": "frappe", "product": "frappe", "cpe": "cpe:2.3:a:frappe:frappe:16.1.1:*:*:*:*:*:*:*"}], "references": [{"url": "http://frappe.com", "source": "cve@mitre.org", "tags": ["Product"]}, {"url": "https://github.com/PhDg1410/CVE/tree/main/CVE-2026-31017", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T17:21:18.737", "last_modified": "2026-04-14T15:46:59.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11704, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40035", "description": "Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-489"], "affected_products": [], "references": [{"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/dfir-unfurl-werkzeug-debugger-exposure-via-string-config-parsing", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-08T22:16:24.010", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00131, "epss_percentile": 0.32553, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34177", "description": "Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden 
(lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-184"], "affected_products": [], "references": [{"url": "https://github.com/canonical/lxd/pull/17909", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T10:16:21.653", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00103, "epss_percentile": 0.28212, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34178", "description": "In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. 
An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://github.com/canonical/lxd/pull/17921", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T10:16:21.820", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13289, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34179", "description": "In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-915"], "affected_products": [], "references": [{"url": "https://github.com/canonical/lxd/pull/17936", "source": "security@ubuntu.com", "tags": []}, {"url": 
"https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T10:16:21.963", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00087, "epss_percentile": 0.24989, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-57735", "description": "When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. 
Users who are concerned about the logout scenario and possibility of intercepting the tokens, should upgrade to Airflow 3.2+\n\n\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-613"], "affected_products": [], "references": [{"url": "https://github.com/apache/airflow/pull/56633", "source": "security@apache.org", "tags": []}, {"url": "https://github.com/apache/airflow/pull/61339", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/ovn8mpd8zkc604hojt7x3wsw3kc60x98", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/16", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T11:16:20.757", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01208, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-50228", "description": "Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-918"], "affected_products": [{"vendor": "jizhicms", "product": "jizhicms", "cpe": "cpe:2.3:a:jizhicms:jizhicms:2.5.4:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Cherry-toto/jizhicms", "source": "cve@mitre.org", "tags": ["Product"]}, {"url": "https://github.com/Cherry-toto/jizhicms/issues/104", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, 
{"url": "https://www.jizhicms.cn", "source": "cve@mitre.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:07.433", "last_modified": "2026-04-14T20:11:40.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5445", "description": "An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-125"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.863", "last_modified": "2026-04-14T20:10:01.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": 
null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30479", "description": "A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479", "source": "cve@mitre.org", "tags": []}, {"url": "https://mapserver.org/index.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T17:16:24.730", "last_modified": "2026-04-14T17:16:49.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39958", "description": "oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named \"Topic Manifests\" ({mirror}/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said metadata was not checked for transliteration. 
In this case, a malicious party may supply a malformed Topic Manifest, which may cause malicious APT source entries to be added to /etc/apt/sources.list.d/atm.list as oma-topics finishes fetching and registering metadata. This vulnerability is fixed in 1.25.2.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-93"], "affected_products": [], "references": [{"url": "https://github.com/AOSC-Dev/oma/commit/b361c0f219bbf91a684610c76210f71f093dbc18", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/AOSC-Dev/oma/pull/733", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/AOSC-Dev/oma/releases/tag/v1.25.2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/AOSC-Dev/oma/security/advisories/GHSA-86jc-7r6q-cr3f", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.257", "last_modified": "2026-04-13T20:16:43.253", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12799, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39980", "description": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. 
This vulnerability is fixed in 6.9.5.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-1336"], "affected_products": [], "references": [{"url": "https://github.com/OpenCTI-Platform/opencti/releases/tag/6.9.5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jv9r-jw2f-rhrf", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:02.203", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00071, "epss_percentile": 0.21708, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39912", "description": "V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. 
Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://chocapikk.com/posts/2026/xboard-v2board-account-takeover/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/cedar2025/Xboard/blob/1fe6531924cc1ec662a88b9ef725afcf78d660bc/app/Http/Controllers/V1/Passport/AuthController.php#L51", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/cedar2025/Xboard/blob/1fe6531924cc1ec662a88b9ef725afcf78d660bc/app/Services/Auth/MailLinkService.php#L49", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/cedar2025/Xboard/commit/121511523f04882ec0c7447acd9b8ebcb8a47957", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/cedar2025/Xboard/pull/873", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/v2board/v2board/blob/0ca47622a50116d0ddd7ffb316b157afb57d25e8/app/Http/Controllers/Passport/AuthController.php#L71", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/v2board/v2board/pull/981", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/v2board-xboard-authentication-token-exposure-via-loginwithmaillink", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T19:16:25.920", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18555, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], 
"nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29145", "description": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-287"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:-:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*"}, {"vendor": 
"apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat_native", "cpe": "cpe:2.3:a:apache:tomcat_native:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat_native", "cpe": "cpe:2.3:a:apache:tomcat_native:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/23", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.447", "last_modified": "2026-04-14T13:22:28.357", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.1945, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32892", 
"description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec() shell commands without using escapeshellarg(). When a user moves a document via document.php, the move_to POST parameter — which only passes through Security::remove_XSS() (an HTML-only filter) — is concatenated directly into shell commands such as exec(\"mv $source $target\"). By default, Chamilo allows all authenticated users to create courses (allow_users_to_create_courses = true). Any user who is a teacher in a course (including self-created courses) can move documents, making this vulnerability exploitable by any authenticated user. The attacker must first place a directory with shell metacharacters in its name on the filesystem (achievable via Course Backup Import), then move a document into that directory to trigger arbitrary command execution as the web server user (www-data). 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/3597b19b73d73d681e4fb503285e9bbfe71714bf", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/62671e5e268f235cddfba704edee90f35c234df1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-59cv-qh65-vvrr", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:41.797", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00194, "epss_percentile": 0.41378, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5085", "description": "Solstice::Session versions through 1440 for Perl generates session ids insecurely.\n\nThe _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id.\n\nThe same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution.\n\nThe epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash references will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. 
The process id comes from a small set of numbers.\n\nPredictable session ids could allow an attacker to gain access to systems.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-338", "CWE-340"], "affected_products": [], "references": [{"url": "https://metacpan.org/dist/Solstice/source/lib/Solstice/Session.pm#L481", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://metacpan.org/dist/Solstice/source/lib/Solstice/Subsession.pm#L105", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T07:16:50.543", "last_modified": "2026-04-13T16:16:33.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08581, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4365", "description": "The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. 
This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/AbstractAjax.php#L33", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/EditQuestionAjax.php#L285", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/class-lp-assets.php#L177", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/021bd566-1663-46ba-a616-ab554b691cbb?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T02:16:05.767", "last_modified": "2026-04-14T02:16:05.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.167, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40289", "description": "PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. 
The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without restriction. An unauthenticated network attacker can connect, send a start_session message, and the server will route it to the first idle browser-extension WebSocket (effectively hijacking that session) and then broadcast all resulting automation actions and outputs back to the attacker. This enables unauthorized remote control of connected browser automation sessions, leakage of sensitive page context and automation results, and misuse of model-backed browser actions in any environment where the bridge is network-reachable. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8x8f-54wf-vv92", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T04:17:12.710", "last_modified": "2026-04-14T04:17:12.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40313", "description": "PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. 
By default, actions/checkout writes the GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file for persistence, and if any subsequent workflow step uploads artifacts (build outputs, logs, test results, etc.), these tokens can be inadvertently included. Since PraisonAI is a public repository, any user with read access can download these artifacts and extract the leaked tokens, potentially enabling an attacker to push malicious code, poison releases and PyPI/Docker packages, steal repository secrets, and execute a full supply chain compromise affecting all downstream users. The issue spans numerous workflow and action files across .github/workflows/ and .github/actions/. This issue has been fixed in version 4.5.140.", "cvss_score": 9.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "CRITICAL", "cwes": ["CWE-829"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3959-6v5q-45q2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T04:17:13.890", "last_modified": "2026-04-14T04:17:13.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08181, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26149", "description": "Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an 
authorized attacker to bypass a security feature over a network.", "cvss_score": 9.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "CRITICAL", "cwes": ["CWE-150"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:45.790", "last_modified": "2026-04-14T18:16:45.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 27, "ats_level": "LOW", "ats_breakdown": {"severity": 27.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-11022", "description": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. 
This problem is patched in jQuery 3.5.0.", "cvss_score": 6.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-79"], "affected_products": [{"vendor": "jquery", "product": "jquery", "cpe": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*"}, {"vendor": "drupal", "product": "drupal", "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"}, {"vendor": "drupal", "product": "drupal", "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"}, {"vendor": "drupal", "product": "drupal", "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"}, {"vendor": "fedoraproject", "product": "fedora", "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "agile_product_lifecycle_management_for_process", "cpe": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "application_testing_suite", "cpe": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": 
"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "blockchain_platform", "cpe": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_application_session_controller", "cpe": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_billing_and_revenue_management", "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_billing_and_revenue_management", "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_diameter_signaling_router_idih\\", "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_eagle_application_processor", "cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_services_gatekeeper", "cpe": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_webrtc_session_controller", "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_manager_ops_center", "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_session_border_controller", "cpe": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_infrastructure", "cpe": 
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_reconciliation_framework", "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_reconciliation_framework", "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_balance_sheet_planning", "cpe": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_basic", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_basic", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_internal_ratings_based_approach", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_internal_ratings_based_approach", "cpe": 
"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_foundation", "cpe": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_governance_for_us_regulatory_reporting", "cpe": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_hedge_management_and_ifrs_valuations", "cpe": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_hedge_management_and_ifrs_valuations", "cpe": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": 
"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_loan_loss_forecasting_and_provisioning", "cpe": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_loan_loss_forecasting_and_provisioning", "cpe": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_market_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_market_risk_measurement_and_management", "cpe": 
"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_price_creation_and_discovery", "cpe": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_price_creation_and_discovery", "cpe": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_regulatory_reporting_for_european_banking_authority", "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_regulatory_reporting_for_us_federal_reserve", "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_materials_control", "cpe": 
"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_accounting_analyzer", "cpe": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_allocation_manager_for_enterprise_profitability", "cpe": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_allocation_manager_for_enterprise_profitability", "cpe": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_data_foundation", "cpe": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_insbridge_rating_and_underwriting", "cpe": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_insbridge_rating_and_underwriting", "cpe": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", 
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation", "cpe": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation_connector_for_siebel", "cpe": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation_for_mobile_devices", "cpe": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_back_office", "cpe": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_back_office", "cpe": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_customer_management_and_segmentation_foundation", "cpe": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_returns_management", "cpe": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_returns_management", "cpe": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "siebel_ui_framework", "cpe": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "storagetek_acsls", "cpe": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": 
"weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "max_data", "cpe": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "oncommand_insight", "cpe": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "oncommand_system_manager", "cpe": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "snap_creator_framework", "cpe": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "snapcenter", "cpe": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h300s_firmware", "cpe": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h500s_firmware", "cpe": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h700s_firmware", "cpe": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h300e_firmware", "cpe": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h500e_firmware", "cpe": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h700e_firmware", "cpe": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h410s_firmware", "cpe": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "h410c_firmware", "cpe": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "opensuse", "product": "leap", "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"}, {"vendor": "opensuse", "product": "leap", "cpe": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"}, {"vendor": "tenable", "product": "log_correlation_engine", "cpe": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": 
"agile_product_supplier_collaboration_for_process", "cpe": "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "banking_digital_experience", "cpe": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_application_session_controller", "cpe": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_billing_and_revenue_management", "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_billing_and_revenue_management", "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_diameter_signaling_router_idih\\", "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_webrtc_session_controller", "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_manager_ops_center", "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_session_border_controller", "cpe": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_infrastructure", "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_reconciliation_framework", "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_analytical_applications_reconciliation_framework", "cpe": 
"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_asset_liability_management", "cpe": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_balance_sheet_planning", "cpe": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_basic", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_basic", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_internal_ratings_based_approach", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_basel_regulatory_capital_internal_ratings_based_approach", "cpe": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_foundation", "cpe": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_governance_for_us_regulatory_reporting", "cpe": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*"}, {"vendor": 
"oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_data_integration_hub", "cpe": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_funds_transfer_pricing", "cpe": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_hedge_management_and_ifrs_valuations", "cpe": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_hedge_management_and_ifrs_valuations", "cpe": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_institutional_performance_analytics", "cpe": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": 
"financial_services_liquidity_risk_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_liquidity_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_loan_loss_forecasting_and_provisioning", "cpe": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_loan_loss_forecasting_and_provisioning", "cpe": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_market_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_market_risk_measurement_and_management", "cpe": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_price_creation_and_discovery", "cpe": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_price_creation_and_discovery", "cpe": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": 
"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_profitability_management", "cpe": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_regulatory_reporting_for_european_banking_authority", "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "financial_services_regulatory_reporting_for_us_federal_reserve", "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "healthcare_foundation", "cpe": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_materials_control", "cpe": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "hospitality_simphony", "cpe": "cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_accounting_analyzer", "cpe": 
"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_allocation_manager_for_enterprise_profitability", "cpe": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_allocation_manager_for_enterprise_profitability", "cpe": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_data_foundation", "cpe": "cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_insbridge_rating_and_underwriting", "cpe": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "insurance_insbridge_rating_and_underwriting", "cpe": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jdeveloper", "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation", "cpe": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation_connector_for_siebel", "cpe": 
"cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "policy_automation_for_mobile_devices", "cpe": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_back_office", "cpe": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_back_office", "cpe": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_customer_management_and_segmentation_foundation", "cpe": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_returns_management", "cpe": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "retail_returns_management", "cpe": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "siebel_ui_framework", "cpe": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "weblogic_server", "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "http://security.netapp.com/advisory/ntap-20200511-0006", "source": "security-advisories@github.com", "tags": []}, {"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "source": "security-advisories@github.com", "tags": []}, {"url": 
"https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/jquery/jquery/releases/tag/3.5.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", "source": "security-advisories@github.com", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/maximebf/php-debugbar/issues/447", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml", "source": "security-advisories@github.com", "tags": []}, {"url": "https://jquery.com/upgrade-guide/3.5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": 
"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "source": 
"security-advisories@github.com", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://security.gentoo.org/glsa/202007-03", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.debian.org/security/2020/dsa-4693", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.drupal.org/sa-core-2020-002", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "security-advisories@github.com", "tags": 
["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2021.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "security-advisories@github.com", "tags": []}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2020-10", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2020-11", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-02", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-10", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"]}, {"url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": 
"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://jquery.com/upgrade-guide/3.5/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": 
"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://security.gentoo.org/glsa/202007-03", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20200511-0006/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.debian.org/security/2020/dsa-4693", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.drupal.org/sa-core-2020-002", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2020-10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2020-11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}], "published": "2020-04-29T22:15:11.903", "last_modified": "2026-04-13T15:16:29.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02391, "epss_percentile": 0.85033, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023", "name": "0xAJ2K/CVE-2020-11022-CVE-2020-11023", "stars": 35, "description": "Little thing put together quickly to demonstrate this CVE "}, {"url": "https://github.com/ossf-cve-benchmark/CVE-2020-11022", "name": "ossf-cve-benchmark/CVE-2020-11022", "stars": 1, "description": null}, {"url": "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022", "name": "Snorlyd/https-nj.gov---CVE-2020-11022", "stars": 1, "description": "Vulnearability Report of the New Jersey official site"}, {"url": "https://github.com/okni2k/HW-Pyton-10", "name": "okni2k/HW-Pyton-10", "stars": 0, "description": "Домашняя работа по Pyton № 10 CVE-2020-11022  Краткое описание  CVE-2020-11022 — уязвимость типа Reflected XSS (межсайтовый 
скриптинг), связанная с некорректной обработкой пользовательского ввода, который отражается в HTML-ответе без экранирования. Атакующий может внедрить JavaScript-код, который выполнится в браузере пользователя."}], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 20.7, "exploit_probability": 0.6, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-31765", "description": "Affected devices do not properly authorize the change password function of the web interface.\r\nThis could allow low privileged users to escalate their privileges.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "siemens", "product": "6gk6108-4am00-2ba2_firmware", "cpe": "cpe:2.3:o:siemens:6gk6108-4am00-2ba2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk6108-4am00-2da2_firmware", "cpe": "cpe:2.3:o:siemens:6gk6108-4am00-2da2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5804-0ap00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5804-0ap00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5812-1aa00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5812-1aa00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5812-1ba00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5812-1ba00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5816-1aa00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5816-1aa00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5816-1ba00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5816-1ba00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5826-2ab00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5826-2ab00-2ab2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": 
"6gk5874-2aa00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5874-2aa00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5874-3aa00-2aa2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5874-3aa00-2aa2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5876-3aa02-2ba2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5876-3aa02-2ba2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5876-3aa02-2ea2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5876-3aa02-2ea2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5876-4aa00-2ba2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5876-4aa00-2ba2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5876-4aa00-2da2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5876-4aa00-2da2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5853-2ea00-2da1_firmware", "cpe": "cpe:2.3:o:siemens:6gk5853-2ea00-2da1_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5856-2ea00-3da1_firmware", "cpe": "cpe:2.3:o:siemens:6gk5856-2ea00-3da1_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5856-2ea00-3aa1_firmware", "cpe": "cpe:2.3:o:siemens:6gk5856-2ea00-3aa1_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5622-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5622-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5632-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5632-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5636-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5636-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5642-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5642-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5646-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5646-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5721-1fc00-0aa0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5721-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5721-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5721-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0ac0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0aa6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0aa6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0ab6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0ab6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5738-1gy00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5738-1gy00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5738-1gy00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5738-1gy00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gd00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gd00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5761-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5761-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5761-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5761-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fy00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fy00-0ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fy00-0tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fy00-0tb0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0aa6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0aa6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0ac0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0ab6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0ab6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0tb0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-1fc00-0ab0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5786-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0ac0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2fe00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fe00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2fe00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fe00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2hc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2hc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5786-2hc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2hc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-1gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1gd00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-1gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1gd00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5788-2gd00-0tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0tb0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0tc0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0tc0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2fc00-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2fc00-0ab0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2fc00-0ac0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1gy01-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gy01-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5748-1gy01-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gy01-0ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-1gy01-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1gy01-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gy01-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gy01-0ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2gy01-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gy01-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5788-2hy01-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2hy01-0aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-7da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-7da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7db0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7db0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-7da0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5766-1je00-7da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7tb0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-7ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1je00-7ta0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-3aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-3aa0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-3da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-3da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-3da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-3da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-3db0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-3db0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-3da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1je00-3da0_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bb00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bb00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bb00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bb00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bd00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bd00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bd00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bd00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bf00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bf00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5205-3bf00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5205-3bf00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5208-0ba00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bd00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bd00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bd00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bd00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bb00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bb00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bb00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bb00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bf00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bf00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5213-3bf00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5213-3bf00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2tb2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2tb2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2ab2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2ab2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bd00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bd00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bb00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bb00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2rs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2rs00-5ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2rs00-5fc2_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5206-2rs00-5fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2bs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2bs00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2gs00-2tc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5206-2gs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ba00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ba00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2tc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ga00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ga00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ra00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ra00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ra00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-3rs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-3rs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5216-3rs00-5ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-3rs00-5ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4bs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4bs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2tc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-4gs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-4gs00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ba00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ba00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-0ba00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-0ba00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2ac2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2tc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2tc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5224-4gs00-2fc2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5224-4gs00-2fc2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-0ba00-2gf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-0ba00-2gf2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-0ba00-2yf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-0ba00-2yf2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-2aa00-2gf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-2aa00-2gf2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5204-2aa00-2yf2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5204-2aa00-2yf2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5408-4gp00-2am2_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5408-4gp00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5408-4gq00-2am2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5408-4gq00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5408-8gs00-2am2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5408-8gs00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5408-8gr00-2am2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5408-8gr00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5416-4gs00-2am2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5416-4gs00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5416-4gr00-2am2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5416-4gr00-2am2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2as6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2as6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2ts6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2ts6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ha00-2es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ha00-2es6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5208-0ua00-5es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5208-0ua00-5es6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2as6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ha00-2as6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2ts6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ha00-2ts6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ha00-2es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ha00-2es6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5216-0ua00-5es6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5216-0ua00-5es6_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5324-0ba00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5324-0ba00-3ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6gk5324-0ba00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5324-0ba00-2ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5326-2qs00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5326-2qs00-3ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5326-2qs00-3rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5326-2qs00-3rr3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-3ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-3rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-3rr3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-2ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4fs00-2rr3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4fs00-2rr3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4ss00-3ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4ss00-3ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5328-4ss00-2ar3_firmware", "cpe": "cpe:2.3:o:siemens:6gk5328-4ss00-2ar3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gs00-3ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5524-8gs00-3ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gr00-3ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5524-8gr00-3ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gs00-4ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5524-8gs00-4ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gr00-4ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5524-8gr00-4ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gs00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5524-8gs00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5524-8gr00-2ar2_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5524-8gr00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gs00-3ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gs00-3ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gr00-3ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gr00-3ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gs00-4ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gs00-4ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gr00-4ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gr00-4ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gs00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gs00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5526-8gr00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5526-8gr00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5528-0aa00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5528-0aa00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5528-0aa00-2hr2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5528-0aa00-2hr2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5528-0ar00-2hr2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5528-0ar00-2hr2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5528-0ar00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5528-0ar00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5552-0aa00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5552-0aa00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5552-0aa00-2hr2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5552-0aa00-2hr2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5552-0ar00-2hr2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5552-0ar00-2hr2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5552-0ar00-2ar2_firmware", "cpe": "cpe:2.3:o:siemens:6gk5552-0ar00-2ar2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "6ag1206-2bb00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1206-2bb00-7ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1206-2bs00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1206-2bs00-7ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1208-0ba00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1208-0ba00-7ac2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6ag1216-4bs00-7ac2_firmware", "cpe": "cpe:2.3:o:siemens:6ag1216-4bs00-7ac2_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-552702.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf", "source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"]}], "published": "2022-10-11T11:15:09.737", "last_modified": "2026-04-14T09:16:29.233", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00504, "epss_percentile": 0.66121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1010", "description": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. 
This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:31.767", "last_modified": "2026-04-13T15:16:49.243", "days_since_publish": 999, 
"source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00344, "epss_percentile": 0.57008, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1011", "description": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936454", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor 
Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:31.887", "last_modified": "2026-04-13T15:16:49.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00211, "epss_percentile": 0.43629, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1930", "description": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. 
This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902309", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:37.850", "last_modified": "2026-04-13T15:16:51.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00342, "epss_percentile": 0.56905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": 
"Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-2817", "description": "Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1917536", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", 
"source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:32.220", "last_modified": "2026-04-13T15:16:55.633", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00378, "epss_percentile": 0.59342, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4919", "description": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. 
This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-17T22:15:19.653", "last_modified": "2026-04-13T15:17:01.630", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00277, "epss_percentile": 0.51096, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6426", "description": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-345"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964385", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "source": "security@mozilla.org", "tags": []}], "published": "2025-06-24T13:15:23.537", "last_modified": "2026-04-13T15:17:06.523", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00046, "epss_percentile": 0.13885, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8034", "description": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970422", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-57/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:50.560", "last_modified": "2026-04-13T15:17:10.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00123, "epss_percentile": 0.3145, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8035", "description": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975961", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": 
"2025-07-22T21:15:50.660", "last_modified": "2026-04-13T15:17:10.447", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00092, "epss_percentile": 0.25877, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8040", "description": "Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975998", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:51.163", "last_modified": "2026-04-13T15:17:11.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00095, "epss_percentile": 0.26347, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10533", "description": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-74/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:47.553", "last_modified": "2026-04-13T15:16:36.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00096, "epss_percentile": 0.26501, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10537", "description": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:49.433", "last_modified": "2026-04-13T15:16:37.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00068, "epss_percentile": 0.21, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": 
[{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11152", "description": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-80/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-30T13:15:48.680", "last_modified": "2026-04-13T15:16:38.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17453, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11714", "description": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-125", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.680", 
"last_modified": "2026-04-13T15:16:40.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17353, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11715", "description": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, 
{"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.800", "last_modified": "2026-04-13T15:16:40.547", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.18156, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13014", "description": "Use-after-free in the Audio/Video component. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.473", "last_modified": "2026-04-13T15:16:42.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.13081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13020", "description": "Use-after-free in the 
WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.097", "last_modified": "2026-04-13T15:16:43.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10731, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10655", "description": "SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0.", "cvss_score": 8.8, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [{"vendor": "frappe", "product": "helpdesk", "cpe": "cpe:2.3:a:frappe:helpdesk:1.14.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://fluidattacks.com/advisories/dyango", "source": "help@fluidattacks.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/frappe/helpdesk", "source": "help@fluidattacks.com", "tags": ["Product"]}, {"url": "https://github.com/frappe/helpdesk/pull/2795", "source": "help@fluidattacks.com", "tags": ["Exploit", "Issue Tracking"]}], "published": "2025-12-09T16:17:31.540", "last_modified": "2026-04-14T15:35:01.293", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17069, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14323", "description": "Privilege escalation in the DOM: Notifications component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996555", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:39.700", "last_modified": "2026-04-13T15:16:45.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00076, "epss_percentile": 0.22696, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": 
{"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14328", "description": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996761", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.333", "last_modified": "2026-04-13T15:16:46.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00074, "epss_percentile": 0.22424, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14329", "description": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.503", "last_modified": "2026-04-13T15:16:46.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00074, "epss_percentile": 0.22424, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 
0}}, {"cve_id": "CVE-2025-68143", "description": "Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "lfprojects", "product": "model_context_protocol_servers", "cpe": "cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/servers/commit/eac56e7bcde48fb64d5a973924d05d69a7d876e6", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-5cgr-j3jf-jw3v", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2025-12-17T23:16:04.560", "last_modified": "2026-04-14T15:30:51.740", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00156, "epss_percentile": 0.36418, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14861", "description": "Memory safety 
bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-98/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-18T15:15:53.157", "last_modified": "2026-04-13T15:16:47.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17538, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0880", "description": "Sandbox escape due to integer overflow in the Graphics component. 
This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.557", "last_modified": "2026-04-13T15:17:16.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 
26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0882", "description": "Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.750", "last_modified": "2026-04-13T15:17:17.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05485, "social_posts": 
0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24869", "description": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008698", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-27T16:16:36.283", "last_modified": "2026-04-13T15:17:19.507", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17538, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67478", "description": "Vulnerability in Wikimedia Foundation CheckUser. 
This vulnerability is associated with program files includes/Mail/UserMailer.Php.\n\nThis issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mediawiki", "product": "checkuser", "cpe": "cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*"}, {"vendor": "mediawiki", "product": "checkuser", "cpe": "cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*"}, {"vendor": "mediawiki", "product": "checkuser", "cpe": "cpe:2.3:a:mediawiki:checkuser:1.44.0:*:*:*:*:mediawiki:*:*"}], "references": [{"url": "https://phabricator.wikimedia.org/T385403", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Broken Link"]}], "published": "2026-02-03T02:16:08.840", "last_modified": "2026-04-14T14:08:48.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05755, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62600", "description": "eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS.\nIf the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. 
This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190", "CWE-789"], "affected_products": [{"vendor": "eprosima", "product": "fast_dds", "cpe": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*"}, {"vendor": "eprosima", "product": "fast_dds", "cpe": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*"}, {"vendor": "eprosima", "product": "fast_dds", "cpe": "cpe:2.3:a:eprosima:fast_dds:3.4.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-02-03T19:16:14.170", "last_modified": "2026-04-14T16:16:31.990", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05019, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2447", "description": "Heap buffer overflow in libvpx. 
This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-02-16T15:18:34.740", "last_modified": "2026-04-13T15:17:19.983", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03817, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2769", "description": 
"Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014550", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:25.287", "last_modified": "2026-04-13T15:17:23.223", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.1544, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": 
"Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2798", "description": "Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014136", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.307", "last_modified": "2026-04-13T15:17:29.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13996, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3845", "description": "Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. 
This vulnerability was fixed in Firefox 148.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020174", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-19/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-10T18:19:05.507", "last_modified": "2026-04-13T15:17:34.783", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14026, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3847", "description": "Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 148.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-19/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-10T18:19:05.837", "last_modified": "2026-04-13T15:17:35.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.1491, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14287", "description": "A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. 
The issue affects environments where MLflow is used, including development setups, CI/CD pipelines, and cloud deployments.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [{"vendor": "lfprojects", "product": "mlflow", "cpe": "cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:*"}], "references": [{"url": "https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3", "source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-03-16T14:17:55.610", "last_modified": "2026-04-14T16:48:14.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00083, "epss_percentile": 0.24228, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30924", "description": "qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a logged-in user. An attacker can exploit this by tricking a victim into loading a malicious webpage, which silently interacts with the application using the victim's session and potentially exfiltrating sensitive data such as API keys and account credentials, or even achieving full system compromise through the built-in External Programs manager. 
Exploitation requires that the victim access the application via a non-localhost hostname and load an attacker-controlled webpage, making highly targeted social-engineering attacks the most likely real-world scenario. This issue was not fixed at the time of publication.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-942"], "affected_products": [{"vendor": "getqui", "product": "qui", "cpe": "cpe:2.3:a:getqui:qui:*:*:*:*:*:docker:*:*"}], "references": [{"url": "https://github.com/autobrr/qui/commit/424f7a0de089dce881e8bbecd220163a78e0295f", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/autobrr/qui/security/advisories/GHSA-h8vw-ph9r-xpch", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-19T21:17:09.943", "last_modified": "2026-04-14T17:48:44.787", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16769, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32721", "description": "LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. 
Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [{"vendor": "openwrt", "product": "luci", "cpe": "cpe:2.3:a:openwrt:luci:*:*:*:*:*:*:*:*"}, {"vendor": "openwrt", "product": "openwrt", "cpe": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*"}, {"vendor": "openwrt", "product": "openwrt", "cpe": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-03-19T23:16:44.030", "last_modified": "2026-04-14T17:49:24.540", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 7e-05, "epss_percentile": 0.00585, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67260", "description": "The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow 
attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [{"vendor": "aster-te", "product": "terrapack_tkservercgi", "cpe": "cpe:2.3:a:aster-te:terrapack_tkservercgi:2.5.4.150:*:*:*:*:*:*:*"}, {"vendor": "aster-te", "product": "terrapack_tkwebcoreng", "cpe": "cpe:2.3:a:aster-te:terrapack_tkwebcoreng:1.0.20200914:*:*:*:*:*:*:*"}, {"vendor": "aster-te", "product": "terrapack_tpkwebgis", "cpe": "cpe:2.3:a:aster-te:terrapack_tpkwebgis:1.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "http://aster.com", "source": "cve@mitre.org", "tags": ["Not Applicable"]}, {"url": "http://terrapack.com", "source": "cve@mitre.org", "tags": ["Broken Link"]}, {"url": "https://github.com/edi-marc/Vulnerability_List/tree/main/CVE_Terrapack", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://packetstorm.news/files/id/217271", "source": "cve@mitre.org", "tags": ["Not Applicable"]}, {"url": "https://www.acn.gov.it/portale/en/csirt-italia", "source": "cve@mitre.org", "tags": ["Broken Link"]}], "published": "2026-03-20T16:16:16.490", "last_modified": "2026-04-14T20:54:09.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20596, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33166", "description": "Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. 
The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive file on the host system. During report generation, Allure will resolve these paths and include the sensitive files in the final report. Version 2.38.0 fixes the issue.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "qameta", "product": "allure_report", "cpe": "cpe:2.3:a:qameta:allure_report:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/allure-framework/allure2/security/advisories/GHSA-64hm-gfwq-jppw", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T22:16:28.660", "last_modified": "2026-04-14T18:42:27.007", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04518, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4687", "description": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-120"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.537", "last_modified": "2026-04-13T15:17:36.980", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06369, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4690", "description": "Sandbox escape due 
to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190", "CWE-754", "CWE-120", "CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.837", "last_modified": "2026-04-13T15:17:37.640", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05455, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4722", "description": "Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010097", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:08.093", "last_modified": "2026-04-13T15:17:44.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03063, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33943", "description": "Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content into generated code as an executable expression, and the quote filter does not strip backticks, allowing template literal-based payloads to bypass sanitization. 
Version 20.8.8 fixes the issue.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [{"vendor": "capricorn86", "product": "happy_dom", "cpe": "cpe:2.3:a:capricorn86:happy_dom:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/capricorn86/happy-dom/commit/5437fdf8f13adb9590f9f52616d9f69c3ee8db3c", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/capricorn86/happy-dom/releases/tag/v20.8.8", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-6q6h-j7hj-3r64", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-6q6h-j7hj-3r64", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-27T22:16:21.393", "last_modified": "2026-04-13T17:24:44.997", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10551", "description": "A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.", "cvss_score": 8.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", 
"cwes": ["CWE-79"], "affected_products": [{"vendor": "3ds", "product": "3dexperience", "cpe": "cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10551", "source": "3DS.Information-Security@3ds.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T09:16:21.623", "last_modified": "2026-04-13T13:28:22.133", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09277, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34747", "description": "Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. 
This issue has been patched in version 3.79.1.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [{"vendor": "payloadcms", "product": "payload", "cpe": "cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-04-01T20:16:26.887", "last_modified": "2026-04-13T18:53:11.523", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20071, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34748", "description": "Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. 
This issue has been patched in version 3.78.0.", "cvss_score": 8.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [{"vendor": "payloadcms", "product": "payload", "cpe": "cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-mmxc-95ch-2j7c", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-04-01T20:16:27.040", "last_modified": "2026-04-13T19:13:21.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10518, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34954", "description": "PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. 
This issue has been patched in version 1.5.95.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "praison", "product": "praisonaiagents", "cpe": "cpe:2.3:a:praison:praisonaiagents:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-44c2-3rw4-5gvh", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:06.810", "last_modified": "2026-04-13T18:46:18.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12432, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34955", "description": "PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone executables, allowing trivial sandbox escape in STRICT mode via sh -c '<command>'. 
This issue has been patched in version 4.5.97.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "praison", "product": "praisonai", "cpe": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-r4f2-3m54-pp7q", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-04T00:16:19.370", "last_modified": "2026-04-14T18:56:02.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05999, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34940", "description": "KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. 
This vulnerability is fixed in 0.23.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "kubeai", "product": "kubeai", "cpe": "cpe:2.3:a:kubeai:kubeai:*:*:*:*:*:kubernetes:*:*"}], "references": [{"url": "https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T16:16:37.870", "last_modified": "2026-04-14T20:28:36.067", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00062, "epss_percentile": 0.19193, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35164", "description": "Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. 
This vulnerability is fixed in 2.0.6.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [{"vendor": "ajax30", "product": "bravecms", "cpe": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-2j4q-6p52-4rhw", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-2j4q-6p52-4rhw", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-06T18:16:42.900", "last_modified": "2026-04-14T15:51:15.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00233, "epss_percentile": 0.46119, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35470", "description": "OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. 
This vulnerability is fixed in 2.10.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [{"vendor": "devcode", "product": "openstamanager", "cpe": "cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T18:16:44.400", "last_modified": "2026-04-14T19:58:01.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09825, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35182", "description": "Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. 
This vulnerability is fixed in 2.0.6.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "ajax30", "product": "bravecms", "cpe": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-g58h-mvjw-f4hv", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-g58h-mvjw-f4hv", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-06T20:16:26.553", "last_modified": "2026-04-14T15:50:57.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10438, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5732", "description": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. 
This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "source": "security@mozilla.org", "tags": []}], "published": "2026-04-07T13:16:47.463", "last_modified": "2026-04-13T15:17:46.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12708, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5733", "description": "Incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022554", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "source": "security@mozilla.org", "tags": []}], "published": "2026-04-07T13:16:47.567", "last_modified": "2026-04-13T15:17:46.643", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.1175, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39322", "description": "PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. 
That session is then accepted across authenticated /api routes, enabling account data access and authenticated actions as the banned user.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-287"], "affected_products": [{"vendor": "polarlearn", "product": "polarlearn", "cpe": "cpe:2.3:a:polarlearn:polarlearn:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/polarnl/PolarLearn/security/advisories/GHSA-9vx4-7ww7-4cf5", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:28.773", "last_modified": "2026-04-14T18:44:29.327", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.1397, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27140", "description": "SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763768", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78335", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4871", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:02.887", "last_modified": "2026-04-13T14:16:10.200", "days_since_publish": 999, 
"source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05329, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39475", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection. This issue affects User Feedback: from n/a through <= 1.10.1.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/userfeedback-lite/vulnerability/wordpress-user-feedback-plugin-1-10-1-sql-injection-vulnerability-2?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.257", "last_modified": "2026-04-14T15:16:34.413", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.0774, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5858", "description": "Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: Critical)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/493319454", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.253", "last_modified": "2026-04-13T17:24:19.943", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00081, "epss_percentile": 0.23761, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5859", "description": "Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: Critical)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/494158331", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.383", "last_modified": "2026-04-13T17:23:57.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0008, "epss_percentile": 0.23523, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5860", "description": "Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486495143", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.497", "last_modified": "2026-04-13T17:23:41.910", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00123, "epss_percentile": 0.314, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5861", "description": "Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486927780", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.610", "last_modified": "2026-04-13T17:23:28.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00139, "epss_percentile": 0.33982, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5862", "description": "Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/470566252", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.720", "last_modified": "2026-04-13T17:23:10.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.28011, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5863", "description": "Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/484527367", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.817", "last_modified": "2026-04-13T17:23:00.400", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.28011, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5865", "description": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/491884710", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.017", "last_modified": "2026-04-13T17:21:24.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00104, "epss_percentile": 0.28292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5866", "description": "Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/492218537", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.130", "last_modified": "2026-04-13T17:20:46.547", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00139, "epss_percentile": 0.33982, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5868", "description": "Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/493256564", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.360", "last_modified": "2026-04-13T18:10:29.863", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00091, "epss_percentile": 0.2565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5870", "description": "Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472", "CWE-190"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/495534710", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.580", "last_modified": "2026-04-13T18:08:33.457", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.28011, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5871", "description": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/495679730", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.690", "last_modified": "2026-04-13T16:18:53.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00104, "epss_percentile": 0.28292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5872", "description": "Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/496281816", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.800", "last_modified": "2026-04-13T18:06:34.253", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00139, "epss_percentile": 0.33982, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5873", "description": "Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-787"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/496301615", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.907", "last_modified": "2026-04-13T18:06:13.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.28011, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5877", "description": "Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/333024273", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.323", "last_modified": "2026-04-14T20:02:13.440", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00086, "epss_percentile": 0.24844, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5879", "description": "Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/40073848", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.537", "last_modified": "2026-04-13T17:40:13.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00148, "epss_percentile": 0.35264, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5884", "description": "Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/484547633", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.050", "last_modified": "2026-04-13T21:19:48.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00138, "epss_percentile": 0.33559, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5904", "description": "Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/483851888", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:30.287", "last_modified": "2026-04-13T21:13:50.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08202, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5908", "description": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472", "CWE-472"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485115554", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.677", "last_modified": "2026-04-14T14:11:43.907", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5909", "description": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472", "CWE-472"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485203821", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.790", "last_modified": "2026-04-14T14:45:45.227", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5910", "description": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472", "CWE-472"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485212874", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.900", "last_modified": "2026-04-14T14:44:54.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5912", "description": "Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-472", "CWE-472"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486498791", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.110", "last_modified": "2026-04-14T14:44:17.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00085, "epss_percentile": 0.24572, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5914", "description": "Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 
(Chromium security severity: Low)", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843", "CWE-843"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/490023239", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.343", "last_modified": "2026-04-14T14:09:47.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04817, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5173", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-749"], "affected_products": [], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": []}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588959", "source": "cve@gitlab.com", "tags": []}], "published": "2026-04-08T23:17:00.220", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05717, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5815", "description": "A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788298", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356263", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356263/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T00:16:20.863", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00094, "epss_percentile": 0.2623, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4326", "description": "The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is only sent after the installation and activation have already completed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins from the WordPress.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L229", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L232", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L264", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L278", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L229", "source": "security@wordfence.com", "tags": []}, {"url": 
"https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L232", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L264", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L278", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3491143%40addons-for-elementor-builder&new=3491143%40addons-for-elementor-builder&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb409f0-ccbd-4dfa-b097-b29ee539daa3?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T02:16:16.530", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.24414, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5830", "description": "A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. 
The exploit is publicly available and might be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://files.catbox.moe/xrk8jb.zip", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789178", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356277", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356277/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T02:16:17.920", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70810", "description": "Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/ariefibis", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.linkedin.com/in/mohammed-a-6a2548112/", "source": "cve@mitre.org", "tags": []}, {"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30", "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T15:16:09.037", "last_modified": "2026-04-14T17:16:27.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11375, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70364", "description": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "http://kiamo.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T16:16:25.573", "last_modified": "2026-04-14T17:16:26.810", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39942", "description": "Directus is a real-time API and App dashboard for managing SQL database content. 
Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content while manipulating metadata fields such as uploaded_by to obscure the tampering. This vulnerability is fixed in 11.17.0.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-284", "CWE-639"], "affected_products": [{"vendor": "monospace", "product": "directus", "cpe": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/directus/directus/releases/tag/v11.17.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-393c-p46r-7c95", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T17:16:29.813", "last_modified": "2026-04-14T17:36:25.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39974", "description": "n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTH_TOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. 
Response bodies are reflected back through JSON-RPC, so an attacker can read the contents of any URL the server can reach — including cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Alibaba, Oracle), internal network services, and any other host the server process has network access to. The primary at-risk deployments are multi-tenant HTTP installations where more than one operator can present a valid AUTH_TOKEN, or where a token is shared with less-trusted clients. Single-tenant stdio deployments and HTTP deployments without multi-tenant headers are not affected. This vulnerability is fixed in 2.47.4.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/czlonkowski/n8n-mcp/commit/d9d847f230923d96e0857ccecf3a4dedcc9b0096", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-4ggg-h7ph-26qr", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.933", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07386, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30478", "description": "A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.", 
"cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [], "references": [{"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30478", "source": "cve@mitre.org", "tags": []}, {"url": "https://ms4w.com", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T18:16:58.847", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39911", "description": "Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the Node.js Function() constructor without isolation. 
Attackers can import native Node.js modules to read arbitrary files from the container filesystem, access process environment variables containing sensitive credentials such as RSA private keys, JWT signing keys, and API tokens, and forge valid authentication tokens for any user including administrators.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-668"], "affected_products": [], "references": [{"url": "https://github.com/hashgraph/guardian/pull/5929", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/hashgraph-guardian-unsandboxed-javascript-execution-rce", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T18:17:01.870", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0012, "epss_percentile": 0.30913, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39981", "description": "AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. 
This vulnerability is fixed in 1.9.2.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:02.350", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00482, "epss_percentile": 0.65151, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39983", "description": "basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\\r\\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's protectWhitespace() helper only handles leading spaces and returns other paths unchanged, while FtpContext.send() writes the resulting command string directly to the control socket with \\r\\n appended. This lets attacker-controlled path strings split one intended FTP command into multiple commands. 
This vulnerability is fixed in 5.2.1.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-93"], "affected_products": [{"vendor": "patrickjuchli", "product": "basic-ftp", "cpe": "cpe:2.3:a:patrickjuchli:basic-ftp:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T18:17:02.503", "last_modified": "2026-04-14T20:07:51.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0156, "epss_percentile": 0.81482, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.4, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5329", "description": "Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker  to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. 
The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/", "source": "cve@rapid7.com", "tags": []}], "published": "2026-04-09T18:17:04.253", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.002, "epss_percentile": 0.42127, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4436", "description": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json", "source": "ics-cert@hq.dhs.gov", "tags": []}, {"url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm", "source": "ics-cert@hq.dhs.gov", "tags": []}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02", "source": "ics-cert@hq.dhs.gov", "tags": 
[]}], "published": "2026-04-09T20:16:27.903", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14752, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5979", "description": "A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formVirtualServ-33153a41781f80b496e1de206077bc7e?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791852", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356533", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356533/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T21:16:13.967", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5980", "description": "A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetMACFilter-33153a41781f807c8fb4c3a75f7b555e?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791853", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356534", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356534/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T21:16:14.223", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13914", "description": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices.\n\nDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\n\nThis issue affects all versions of Apstra before 6.1.1.", "cvss_score": 8.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-322"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107862", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:22.697", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33785", "description": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.\n\nAny user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. 
These commands are only meant to be executed by highly privileged users or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n  *  24.4 releases before 24.4R2-S3, \n  *  25.2 releases before 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107872", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:27.987", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01622, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35638", "description": "OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. 
Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-286"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/ccf16cd8892402022439346ae1d23352e3707e9e", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-self-declared-scopes-in-trusted-proxy-control-ui", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:33.123", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12308, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35639", "description": "OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. 
Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-648"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:33.317", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00199, "epss_percentile": 0.41961, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5981", "description": "A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formAdvFirewall-33153a41781f80678733f4b12282f3fa?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791854", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356535", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356535/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T22:16:37.233", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5982", "description": "A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formAdvNetwork-33153a41781f80f9a47bd5e073fc00ae?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791855", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356536", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356536/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T22:16:37.467", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5983", "description": "A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-33153a41781f802f9997f48dc9cf6304?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791856", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356537", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356537/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T22:16:37.663", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5984", "description": "A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetLog-33153a41781f8038bbbcc04073d7875b?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791857", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356538", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356538/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T22:16:37.873", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.0481, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5988", "description": "A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. 
The exploit is now public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792857", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356542", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356542/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T23:17:02.343", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5989", "description": "A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. 
The exploit has been published and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/5", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792858", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356543", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356543/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T00:16:36.170", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5990", "description": "A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/8", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792861", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356544", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356544/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T00:16:36.363", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5991", "description": "A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. 
The exploit has been made public and could be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/9", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792862", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356545", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356545/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T00:16:36.557", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5992", "description": "A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/10", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792863", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356546", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356546/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T00:16:36.750", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6012", "description": "A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-513-formSetPassword-33153a41781f806e9a3cf63a5a9091ac?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791858", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356568", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356568/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T05:16:07.027", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6013", "description": "A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-513-formSetRoute-33153a41781f80f7aed1d3614c199d85?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791859", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356569", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356569/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T05:16:07.303", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6014", "description": "A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-513-formAdvanceSetup-33153a41781f80829d47ec9b86dd8abf?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791860", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356570", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356570/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T05:16:07.510", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6015", "description": "A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC9-QuickIndex-33153a41781f80458940f212f150a4fb?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791828", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356571", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356571/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T06:16:06.510", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6016", "description": "A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. 
The exploit has been made public and could be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC9-WizardHandle-33153a41781f808480f9e3b78ce438e0?source=copy_link", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791829", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356572", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356572/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T06:16:06.780", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40217", "description": "LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-420"], "affected_products": [], "references": [{"url": "https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T14:16:36.307", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00188, "epss_percentile": 0.40669, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23780", "description": "An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9022/Patches/Control-M-MFT-PAAFP-9-0-22-025/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.bmc.com/support/resources/issue-defect-management.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T15:16:23.083", "last_modified": "2026-04-14T15:16:26.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12773, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35643", "description": "OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. 
Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-940"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/8b02ef133275be96d8aac2283100016c8a7f32e5", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:04.887", "last_modified": "2026-04-13T19:59:22.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35663", "description": "OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. 
Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-648"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:08.047", "last_modified": "2026-04-13T20:39:05.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11579, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35666", "description": "OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. 
Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-706"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:08.680", "last_modified": "2026-04-13T20:42:58.517", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13914, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35669", "description": "OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. 
Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-648"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:09.240", "last_modified": "2026-04-13T21:06:24.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11579, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40158", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct function in praisonaiagents/tools/python_tools.py uses AST filtering to block dangerous Python attributes like __subclasses__, __globals__, and __bases__. However, the filter only checks ast.Attribute nodes, allowing a bypass. 
The sandbox relies on AST-based filtering of attribute access but fails to account for dynamic attribute resolution via built-in methods such as type.__getattribute__, resulting in incomplete enforcement of security restrictions. The string '__subclasses__' is an ast.Constant, not an ast.Attribute, so it is never checked against the blocked list. This vulnerability is fixed in 4.5.128.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3c4r-6p77-xwr7", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:13.603", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08603, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5483", "description": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. 
This could enable an attacker to gain unauthorized access to Kubernetes resources.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:7397", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2026:7398", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2026:7403", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2026:7404", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/security/cve/CVE-2026-5483", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764", "source": "secalert@redhat.com", "tags": []}], "published": "2026-04-10T18:16:46.567", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00064, "epss_percentile": 0.19689, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33618", "description": "Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into the settings, which is then executed when any user (including unauthenticated) requests /platform-config/list. 
This vulnerability is fixed in 2.0.0-RC.3.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-95"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/f2c382c94a3f153a4d7e5ce5686c5a219fd09b3b", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hp4w-jmwc-pg7w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:22.853", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14458, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5144", "description": "The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisite network, including the main site (blog ID 1). The `default-member` parameter accepts any WordPress role, including `administrator`, without validation against a whitelist. When combined with `groupblog-silent-add`, any user who joins the attacker's group is automatically added to the targeted blog with the injected role. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate any user (including themselves via a second account) to Administrator on the main site of the Multisite network.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [], "references": [{"url": "https://github.com/boonebgorges/bp-groupblog/commit/b824593add9e2c53ef4f0d2e0824d4de0785411f", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L190", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L220", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L450", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L190", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L220", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L450", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8129046a-5aa5-4644-babc-0eca9aa524d2?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.633", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.14879, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": 
"Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6120", "description": "A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/11", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792864", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356983", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356983/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T06:16:22.187", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6121", "description": "A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. 
This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/12", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792865", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356984", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356984/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T08:16:36.467", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6122", "description": "A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/14", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792872", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356985", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356985/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T08:16:37.700", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6123", "description": "A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. 
The exploit has been made public and could be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/15", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792873", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792879", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356986", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356986/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T09:16:17.060", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00088, "epss_percentile": 0.25077, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6124", "description": "A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/16", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792874", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356987", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356987/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T09:16:18.163", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6133", "description": "A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. 
The exploit is publicly available and might be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/17", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792875", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356997", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356997/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T23:16:26.117", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6134", "description": "A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/18", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792876", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356998", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356998/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T23:16:26.320", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6135", "description": "A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/19", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792877", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356999", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356999/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T00:16:20.880", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6136", "description": "A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/21", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792880", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357000", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357000/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T00:16:21.097", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6137", "description": "A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remotely. 
The exploit is now public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/22", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792881", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357001", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357001/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T00:16:21.300", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6157", "description": "A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. 
The exploit is now public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/01_Buffer_Overflow_setAppEasyWizardConfig.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793114", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357037", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357037/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T04:16:16.817", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00077, "epss_percentile": 0.22868, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3830", "description": "The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://wpscan.com/vulnerability/768014fd-0403-4182-b19e-3d46c92d8755/", "source": "contact@wpscan.com", "tags": []}], "published": "2026-04-13T07:16:50.270", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": 
null, "epss_score": 0.00064, "epss_percentile": 0.1989, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5936", "description": "An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": []}], "published": "2026-04-13T07:16:50.710", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6168", "description": "A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. 
This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/zhuchan770/vulnerability/blob/main/A7000R/setWiFiEasyGuestCfg/ToToLink%20A7000R%20setWiFiEasyGuestCfg%20338996b67c9780b89829d0ea70058788.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797193", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357056", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357056/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T07:16:51.283", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00077, "epss_percentile": 0.22868, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35337", "description": "Deserialization of Untrusted Data vulnerability in Apache Storm.\n\nVersions Affected:\nbefore 2.8.6.\n\n\nDescription:\nWhen processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. 
An authenticated user with topology submission rights could supply a crafted serialized object in the \"TGT\" credential field, leading to remote code execution in both the Nimbus and Worker JVMs.\n\n\nMitigation:\n2.x users should upgrade to 2.8.6.\n\n\nUsers who cannot upgrade immediately should monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. A guide on how to do this is available in the release notes of 2.8.6.\n\nCredit: This issue was discovered by K.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://storm.apache.org/2026/04/12/storm286-released.html", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/12/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T10:16:11.610", "last_modified": "2026-04-13T15:17:33.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00416, "epss_percentile": 0.61705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1462", "description": "A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. 
This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f", "source": "security@huntr.dev", "tags": []}, {"url": "https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c", "source": "security@huntr.dev", "tags": []}], "published": "2026-04-13T15:17:18.967", "last_modified": "2026-04-13T15:17:18.967", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18735, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33858", "description": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. 
Since Dag Authors are already highly trusted, severity of this issue is Low.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://github.com/apache/airflow/pull/64148", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/1npt3o2x81s0gw9tmfcv4n7p1z9hdmy0", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T15:17:33.343", "last_modified": "2026-04-13T17:16:28.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21359, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6186", "description": "A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-120"], "affected_products": [], "references": [{"url": "https://github.com/lin-3-start/lin-cve/blob/main/Amao/1.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797304", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357108", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357108/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T16:16:35.827", "last_modified": "2026-04-13T16:16:35.827", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12348, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6194", "description": "A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/zhuchan770/vulnerability/blob/main/A3002MU/formWlanSetup/ToToLinkA3002MU%20formWlanSetup%20339996b67c9780caafb2d351dfd8a889.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797452", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357116", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357116/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T18:16:32.107", "last_modified": "2026-04-13T18:16:32.107", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00077, "epss_percentile": 0.22868, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6196", "description": "A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. 
The exploit is now public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_113/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797467", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357118", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357118/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T18:16:32.560", "last_modified": "2026-04-13T18:16:32.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40040", "description": "Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. 
Attackers can upload executable files (.php5 scripts) to web-accessible directories and execute them to achieve remote code execution on the server.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-unrestricted-file-upload-remote-code-execution", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5982.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:51.617", "last_modified": "2026-04-13T19:16:51.617", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00099, "epss_percentile": 0.2747, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6197", "description": "A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. 
The exploit has been published and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_114/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797468", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357119", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357119/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_114/README.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T19:16:57.610", "last_modified": "2026-04-13T21:16:31.737", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6198", "description": "A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_115/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797470", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357120", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357120/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T19:16:57.817", "last_modified": "2026-04-13T19:16:57.817", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6199", "description": "A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. 
The exploit has been made public and could be used.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_116/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797471", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357121", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357121/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T19:16:58.033", "last_modified": "2026-04-13T19:16:58.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6200", "description": "A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119", "CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_117/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797472", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357122", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357122/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T19:16:58.240", "last_modified": "2026-04-13T19:16:58.240", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14172, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25654", "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. 
This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html", "source": "productcert@siemens.com", "tags": []}], "published": "2026-04-14T09:16:35.150", "last_modified": "2026-04-14T09:16:35.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13521, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27668", "description": "A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. 
This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-266"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-741509.html", "source": "productcert@siemens.com", "tags": []}], "published": "2026-04-14T09:16:35.480", "last_modified": "2026-04-14T09:16:35.480", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11602, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38527", "description": "A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.", "cvss_score": 8.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38527", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.270", "last_modified": "2026-04-14T18:17:37.553", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 26, "ats_level": "LOW", 
"ats_breakdown": {"severity": 25.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38529", "description": "A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-269", "CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38529", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.557", "last_modified": "2026-04-14T18:17:37.847", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39815", "description": "An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands by sending crafted HTTP requests", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-119", "source": "psirt@fortinet.com", "tags": []}], "published": 
"2026-04-14T16:16:46.383", "last_modified": "2026-04-14T18:17:39.153", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34622", "description": "Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 8.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1321"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:51.110", "last_modified": "2026-04-14T17:16:51.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 25.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26167", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", 
"cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26167", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:50.297", "last_modified": "2026-04-14T18:16:50.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26178", "description": "Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190", "CWE-681"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26178", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:53.690", "last_modified": "2026-04-14T18:16:53.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27928", "description": 
"Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.", "cvss_score": 8.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:04.170", "last_modified": "2026-04-14T18:17:04.170", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32157", "description": "Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:17.033", "last_modified": "2026-04-14T18:17:17.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32171", "description": "Insufficiently protected credentials 
in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-522"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32171", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:19.843", "last_modified": "2026-04-14T18:17:19.843", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32225", "description": "Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.", "cvss_score": 8.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32225", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:30.850", "last_modified": "2026-04-14T18:17:30.850", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33120", "description": "Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.", "cvss_score": 8.8, 
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:34.420", "last_modified": "2026-04-14T18:17:34.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34617", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.", "cvss_score": 8.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:36.540", "last_modified": "2026-04-14T18:17:36.540", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 26, "ats_level": "LOW", "ats_breakdown": {"severity": 26.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1943", "description": "Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 136 and Thunderbird 136.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.260", "last_modified": "2026-04-13T15:16:54.107", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00363, "epss_percentile": 0.58362, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-56181", "description": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), 
SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", "source": "productcert@siemens.com", "tags": []}], "published": "2025-03-11T10:15:15.597", "last_modified": "2026-04-14T09:16:34.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01837, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-56182", "description": "A vulnerability has been 
identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions < V1.1.4), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions < V27.01.11), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. 
This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", "source": "productcert@siemens.com", "tags": []}], "published": "2025-03-11T10:15:15.823", "last_modified": "2026-04-14T09:16:34.363", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01104, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27826", "description": "MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection layer — not in any MCP tool handler - making it invisible to tool-level code analysis. In cloud deployments, this could enable theft of IAM role credentials via the instance metadata endpoint (`169[.]254[.]169[.]254`). In any HTTP deployment it enables internal network reconnaissance and injection of attacker-controlled content into LLM tool results. 
Version 0.17.0 fixes the issue.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "sooperset", "product": "mcp_atlassian", "cpe": "cpe:2.3:a:sooperset:mcp_atlassian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/sooperset/mcp-atlassian/commit/5cd697dfce9116ef330b8dc7a91291640e0528d9", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-03-10T19:17:20.670", "last_modified": "2026-04-13T15:01:48.520", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22171, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32877", "description": "Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. 
This issue has been patched in version 3.11.0.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "botan_project", "product": "botan", "cpe": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-30T21:17:09.767", "last_modified": "2026-04-13T13:57:30.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17608, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32725", "description": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. 
This issue has been patched in version 1.4.1.", "cvss_score": 8.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-23"], "affected_products": [{"vendor": "scitokens", "product": "scitokens_cpp_library", "cpe": "cpe:2.3:a:scitokens:scitokens_cpp_library:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-31T18:16:50.837", "last_modified": "2026-04-13T17:16:08.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00172, "epss_percentile": 0.38509, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34524", "description": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url=\"..\". 
This issue has been patched in version 1.17.0.", "cvss_score": 8.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "sillytavern", "product": "sillytavern", "cpe": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-04-02T18:16:29.763", "last_modified": "2026-04-13T18:43:05.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17469, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34780", "description": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. 
An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any Node.js APIs exposed to the preload script. Apps are only affected if a preload script returns, resolves, or passes a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps that do not bridge VideoFrame objects are not affected. This issue has been patched in versions 39.8.0, 40.7.0, and 41.0.0-beta.8.", "cvss_score": 8.3, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-668", "CWE-1188"], "affected_products": [{"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": 
"electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-04T01:16:39.540", "last_modified": "2026-04-14T19:02:23.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.1277, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25662", "description": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. 
Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [{"vendor": "montala", "product": "resourcespace", "cpe": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/46308", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.resourcespace.com/", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://www.resourcespace.com/get", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-watched-searches-php", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-05T21:16:43.223", "last_modified": "2026-04-14T16:16:55.097", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0009, "epss_percentile": 0.2538, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35020", "description": "Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. 
Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be triggered during normal CLI execution as well as via the deep-link handler path, resulting in arbitrary command execution with the privileges of the user running the CLI.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-terminal-environment-variable", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-06T20:16:24.863", "last_modified": "2026-04-13T20:16:34.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00091, "epss_percentile": 0.25582, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34578", "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters into the username field of the WebGUI login page to enumerate valid LDAP usernames in the configured directory. 
When the LDAP server configuration includes an Extended Query to restrict login to members of a specific group, the same injection can be used to bypass that group membership restriction and authenticate as any LDAP user whose password is known, regardless of group membership. This vulnerability is fixed in 26.1.6.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-90"], "affected_products": [{"vendor": "opnsense", "product": "opnsense", "cpe": "cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/opnsense/core/commit/016f66cb4620cd48183fa97843f343bb71813c6e", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/opnsense/core/security/advisories/GHSA-jpm7-f59c-mp54", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/opnsense/core/security/advisories/GHSA-jpm7-f59c-mp54", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T15:16:10.777", "last_modified": "2026-04-14T20:14:24.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00202, "epss_percentile": 0.42274, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54359", "description": "WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. 
Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://wordpress.org/plugins/adiaha-hotel/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.adivaha.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51655", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-sql-injection-via-pid", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:05.153", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00064, "epss_percentile": 0.197, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40113", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run\ndeploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-88"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-fvxx-ggmx-3cjg", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:34.853", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.0494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35595", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's permission model uses a recursive CTE that walks up the project hierarchy to compute permissions. Moving a project under a different parent changes the permission inheritance chain. When a user has inherited Write access (from a parent project share) and reparents the child project under their own project tree, the CTE resolves their ownership of the new parent as Admin (permission level 2) on the moved project. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 8.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/c03d682f48aff890eeb3c8b41d38226069722827", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2583", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2vq4-854f-5c72", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:02.910", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07976, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31939", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. 
This vulnerability is fixed in 1.11.38.", "cvss_score": 8.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22", "CWE-73"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/4dddcc19d36119da27b7c49eb84a035800abae78", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.38", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-8q8c-v75x-q2hx", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-8q8c-v75x-q2hx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T18:16:41.313", "last_modified": "2026-04-13T16:16:26.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12334, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40163", "description": "Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. 
This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/saltcorn/saltcorn/security/advisories/GHSA-32pv-mpqg-h292", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:46.233", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23162, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40168", "description": "Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. 
As a result, an attacker can supply a public HTTPS URL that passes validation and then redirects the server-side request to an internal resource.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "gitroom", "product": "postiz", "cpe": "cpe:2.3:a:gitroom:postiz:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/gitroomhq/postiz-app/commit/30e8b777098157362769226d1b46d83ad616cb06", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.5", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-34w8-5j2v-h6ww", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-34w8-5j2v-h6ww", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-10T20:16:22.643", "last_modified": "2026-04-14T20:09:03.727", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.1214, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1116", "description": "A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. 
The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/parisneo/lollms/commit/9767b882dbc893c388a286856beeaead69b8292a", "source": "security@huntr.dev", "tags": []}, {"url": "https://huntr.com/bounties/d3d076a7-2a51-4e07-8d0e-91e28e76788e", "source": "security@huntr.dev", "tags": []}], "published": "2026-04-12T03:16:07.600", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01464, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2018-25258", "description": "RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. 
Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46107", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.r-project.org/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypass", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:31.740", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02286, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25689", "description": "HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. 
Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "http://www.html5videoplayer.net/download.html", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46279", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/html5-video-player-local-buffer-overflow-non-seh", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:31.923", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02143, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25691", "description": "Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. 
Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46269", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.faleemi.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/faleemi-desktop-software-local-buffer-overflow-seh-dep-bypass", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.103", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02143, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25695", "description": "R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. 
Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://cloud.r-project.org/bin/windows/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46265", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.443", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02013, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25697", "description": "CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. 
Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/VictorAlagwu/CMSsite/archive/master.zip", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46259", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/cmssite-sql-injection-via-category-php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.603", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20154, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25701", "description": "Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. 
Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "http://www.divxtodvd.net/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "http://www.divxtodvd.net/easy_video_to_ipod.exe", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46255", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/easy-video-to-ipod-converter-local-buffer-overflow-seh", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.940", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02286, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25705", "description": "Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. 
Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "http://initd.sh/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://sourceforge.net/projects/echomirage.oldbutgold.p/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46216", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/echo-mirage-stack-buffer-overflow-via-rules-action-field", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.303", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02286, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25710", "description": "Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. 
Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.dolibarr.org/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46095", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:34.127", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08491, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-69627", "description": "Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. 
This can result in access violations and non-deterministic crashes.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "http://nitro.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://jeroscope.com/advisories/2025/jero-2025-016/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T16:16:24.867", "last_modified": "2026-04-14T17:16:26.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00373, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32316", "description": "jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, causing a heap buffer overflow classified as CWE-190 (Integer Overflow) leading to CWE-122 (Heap-based Buffer Overflow). Any system evaluating untrusted jq queries is affected, as an attacker can crash the process or potentially achieve further exploitation through heap corruption by crafting queries that produce extremely large strings. The root cause is the absence of string size bounds checking, unlike arrays and objects which already have size limits. 
The issue has been addressed in commit e47e56d226519635768e6aab2f38f0ab037c09e5.", "cvss_score": 8.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122", "CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/e47e56d226519635768e6aab2f38f0ab037c09e5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-q3h9-m34w-h76f", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T18:16:29.420", "last_modified": "2026-04-13T18:16:29.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11987, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 24.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40287", "description": "PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI tool-loading paths blindly import ./tools.py at startup without any validation, sandboxing, or user confirmation. An attacker who can place a malicious tools.py in the directory where PraisonAI is launched (such as through a shared project, cloned repository, or writable workspace) achieves immediate arbitrary Python code execution in the host environment. This compromises the full PraisonAI process, the host system, and any connected data or credentials. 
This issue has been fixed in version 4.5.139.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-426"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-g985-wjh9-qxxc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-g985-wjh9-qxxc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T04:17:11.977", "last_modified": "2026-04-14T14:16:14.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06212, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32091", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32091", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:14.080", "last_modified": "2026-04-14T18:17:14.080", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", 
"name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32162", "description": "Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-349"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32162", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:18.223", "last_modified": "2026-04-14T18:17:18.223", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32190", "description": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:25.490", "last_modified": "2026-04-14T18:17:25.490", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": 
[], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32221", "description": "Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32221", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:30.087", "last_modified": "2026-04-14T18:17:30.087", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33114", "description": "Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:33.510", "last_modified": "2026-04-14T18:17:33.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33115", "description": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "cvss_score": 8.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33115", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:33.707", "last_modified": "2026-04-14T18:17:33.707", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 25, "ats_level": "LOW", "ats_breakdown": {"severity": 25.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1932", "description": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. 
This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944313", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.053", "last_modified": "2026-04-13T15:16:51.987", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00183, "epss_percentile": 0.40008, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3030", "description": "Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-01T13:15:41.390", "last_modified": "2026-04-13T15:16:56.637", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00436, "epss_percentile": 0.63, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4091", "description": "Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor 
Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:35.717", "last_modified": "2026-04-13T15:17:00.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00436, "epss_percentile": 0.63, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4093", "description": "Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox ESR 128.10 and Thunderbird 128.10.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:35.907", "last_modified": "2026-04-13T15:17:01.237", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00427, "epss_percentile": 0.62301, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3909", "description": "Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. 
This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-356"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958376", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-14T17:15:48.660", "last_modified": "2026-04-13T15:16:58.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00422, "epss_percentile": 0.62092, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6435", "description": "If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. 
This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950056", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1961777", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-24T13:15:24.560", "last_modified": "2026-04-13T15:17:08.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00139, "epss_percentile": 0.34033, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6436", "description": "Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764%2C1942930", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-24T13:15:24.677", "last_modified": "2026-04-13T15:17:08.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00141, "epss_percentile": 0.34226, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8029", "description": "Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. 
This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-80"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], 
"published": "2025-07-22T21:15:50.057", "last_modified": "2026-04-13T15:17:08.957", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8030", "description": "Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:50.157", "last_modified": "2026-04-13T15:17:09.197", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8032", "description": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. 
This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], 
"published": "2025-07-22T21:15:50.360", "last_modified": "2026-04-13T15:17:09.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22229, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8036", "description": "Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-350"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960834", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor 
Advisory"]}, {"url": "https://www.kb.cert.org/vuls/id/652514", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:50.760", "last_modified": "2026-04-13T15:17:10.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00068, "epss_percentile": 0.20846, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8039", "description": "In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970997", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-07-22T21:15:51.060", "last_modified": "2026-04-13T15:17:11.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21283, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9180", "description": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, 
{"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-08-19T21:15:30.390", "last_modified": "2026-04-13T15:17:13.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08833, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9184", "description": "Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1929482%2C1976376%2C1979163%2C1979955", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:30.903", "last_modified": "2026-04-13T15:17:14.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00068, "epss_percentile": 0.20941, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": 
{"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9185", "description": "Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-66/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-08-19T21:15:31.037", "last_modified": "2026-04-13T15:17:14.473", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00087, "epss_percentile": 0.24952, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10534", "description": "Spoofing issue in the Site Permissions component. 
This vulnerability was fixed in Firefox 143 and Thunderbird 143.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-16T13:15:48.007", "last_modified": "2026-04-13T15:16:37.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10056, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11713", "description": "Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. 
This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-116"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986142", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:37.567", "last_modified": "2026-04-13T15:16:40.177", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11113, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11720", "description": "The Firefox and Firefox Focus UI for the Android custom tab feature only showed the \"site\" that 
was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979534", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984370", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:38.400", "last_modified": "2026-04-13T15:16:41.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.13135, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13017", "description": "Same-origin policy bypass in the DOM: Notifications component. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-942"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.793", "last_modified": "2026-04-13T15:16:42.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06918, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13018", "description": "Mitigation bypass in the DOM: Security component. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.900", "last_modified": "2026-04-13T15:16:43.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06918, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13019", "description": "Same-origin policy bypass in the DOM: Workers component. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-942"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.000", "last_modified": "2026-04-13T15:16:43.183", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06918, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13027", "description": "Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1987237%2C1990079%2C1991715%2C1994994", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.820", "last_modified": "2026-04-13T15:16:44.647", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13389, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-64759", "description": "Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the \"credentials-admin\" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. 
This issue has been patched in version 1.43.3.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-434", "CWE-434"], "affected_products": [{"vendor": "homarr", "product": "homarr", "cpe": "cpe:2.3:a:homarr:homarr:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/homarr-labs/homarr/commit/aaa23f37321be1e110f722b36889b2fd3bea2059", "source": "security-advisories@github.com", "tags": ["Patch", "Permissions Required"]}, {"url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-wj62-c5gr-2x53", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}], "published": "2025-11-19T19:15:49.963", "last_modified": "2026-04-14T15:42:45.563", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00095, "epss_percentile": 0.26432, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14322", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:39.523", "last_modified": "2026-04-13T15:16:45.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19438, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": 
{"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14333", "description": "Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787", "CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.990", "last_modified": "2026-04-13T15:16:47.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00086, "epss_percentile": 
0.24811, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40898", "description": "A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "nozominetworks", "product": "cmc", "cpe": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*"}, {"vendor": "nozominetworks", "product": "guardian", "cpe": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.nozominetworks.com/NN-2025:15-01", "source": "prodsec@nozominetworks.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-12-18T14:15:59.780", "last_modified": "2026-04-14T10:16:27.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00108, "epss_percentile": 0.29015, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14279", "description": "MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-346"], "affected_products": [{"vendor": "lfprojects", "product": "mlflow", "cpe": "cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3", "source": "security@huntr.dev", "tags": ["Patch"]}, {"url": "https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108", "source": "security@huntr.dev", "tags": ["Third Party Advisory", "Exploit"]}], "published": "2026-01-12T09:15:50.577", "last_modified": "2026-04-14T15:05:13.430", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06059, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0877", "description": "Mitigation bypass in the DOM: Security component. 
This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.270", "last_modified": "2026-04-13T15:17:15.810", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 
24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0878", "description": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.367", "last_modified": "2026-04-13T15:17:16.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07722, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], 
"ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0891", "description": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.627", "last_modified": "2026-04-13T15:17:18.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00025, "epss_percentile": 0.06658, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33010", "description": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=[\"*\"], and allow_headers=[\"*\"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. 
This issue has been patched in version 10.25.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-942"], "affected_products": [{"vendor": "doobidoo", "product": "mcp-memory-service", "cpe": "cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T19:16:17.813", "last_modified": "2026-04-14T18:12:23.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09252, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4718", "description": "Undefined behavior in the WebRTC: Signaling component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-758"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:07.700", "last_modified": "2026-04-13T15:17:43.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.0166, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-14030", "description": "Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard 
library.\n\nSereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922.  This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 that could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "yves", "product": "sereal\\", "cpe": "cpe:2.3:a:yves:sereal\\:\\:decoder:*:*:*:*:*:perl:*:*"}], "references": [{"url": "https://github.com/advisories/GHSA-w77f-wv46-4vcx", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Not Applicable"]}, {"url": "https://metacpan.org/release/YVES/Sereal-Decoder-4.010/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Release Notes"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2019-11922", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Not Applicable"]}], "published": "2026-03-31T12:16:26.153", "last_modified": "2026-04-13T14:07:54.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16557, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-14031", "description": "Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.\n\nSereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922.  
This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 that could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "yves", "product": "sereal\\", "cpe": "cpe:2.3:a:yves:sereal\\:\\:encoder:*:*:*:*:*:perl:*:*"}], "references": [{"url": "https://github.com/advisories/GHSA-w77f-wv46-4vcx", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Not Applicable"]}, {"url": "https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Release Notes"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2019-11922", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Not Applicable"]}], "published": "2026-03-31T12:16:26.310", "last_modified": "2026-04-13T12:53:12.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16557, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0596", "description": "A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. 
This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "lfprojects", "product": "mlflow", "cpe": "cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://huntr.com/bounties/2e905add-f9f5-4309-a3db-b17de5981285", "source": "security@huntr.dev", "tags": ["Third Party Advisory", "Exploit"]}], "published": "2026-03-31T15:16:10.843", "last_modified": "2026-04-14T16:01:29.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00352, "epss_percentile": 0.57658, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32726", "description": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was covered by a token's authorized scope path. Because the check did not require a path-segment boundary, a token scoped to one path could incorrectly authorize access to sibling paths that merely started with the same prefix. 
This issue has been patched in version 1.4.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-863"], "affected_products": [{"vendor": "scitokens", "product": "scitokens_cpp_library", "cpe": "cpe:2.3:a:scitokens:scitokens_cpp_library:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/scitokens/scitokens-cpp/commit/decfe2f00cb9cabbf1e17a3bb2cd4ea1bbbd8a73", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-31T18:16:50.997", "last_modified": "2026-04-13T17:03:28.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09521, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34522", "description": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. 
This issue has been patched in version 1.17.0.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22", "CWE-73"], "affected_products": [{"vendor": "sillytavern", "product": "sillytavern", "cpe": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-xvww-xhx6-22pf", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-04-02T18:16:29.453", "last_modified": "2026-04-13T18:34:46.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20113, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34759", "description": "OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. These endpoints are externally reachable via the Nginx proxy at /notification/. Combined with a projectId leak from the public Status Page API, an unauthenticated attacker can purchase phone numbers on the victim's Twilio account and delete all existing alerting numbers. 
This issue has been patched in version 10.0.42.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "hackerbay", "product": "oneuptime", "cpe": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/OneUptime/oneuptime/commit/9adbd04538714740506708d6fa610e433be4d2a4", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.42", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-6wc5-rhvj-cx7f", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-02T19:21:33.833", "last_modified": "2026-04-13T18:45:18.940", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00254, "epss_percentile": 0.48794, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34840", "description": "OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first <Signature> element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. 
This issue has been patched in version 10.0.42.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-347"], "affected_products": [{"vendor": "hackerbay", "product": "oneuptime", "cpe": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/OneUptime/oneuptime/commit/2fd7ede52f60444710628d6c1b34dee2ef9e57d1", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.42", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-5w5c-766x-265g", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-02T20:16:28.357", "last_modified": "2026-04-13T18:46:00.960", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18662, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25726", "description": "Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. 
By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-338"], "affected_products": [{"vendor": "cloudreve", "product": "cloudreve", "cpe": "cpe:2.3:a:cloudreve:cloudreve:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/cloudreve/cloudreve/releases/tag/4.13.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-04-03T20:16:02.263", "last_modified": "2026-04-13T18:31:43.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19352, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22661", "description": "prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. 
Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools write files outside the intended directory and overwrite shell initialization files to achieve code execution.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "fka", "product": "prompts.chat", "cpe": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/f/prompts.chat/commit/0f8d4c381abd7b2d7478c9fdee9522149c2d65e5", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1101", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-path-traversal-via-skill-file-handling", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-03T21:17:08.970", "last_modified": "2026-04-13T18:23:32.647", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23197, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22665", "description": "prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. 
Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-178"], "affected_products": [{"vendor": "fka", "product": "prompts.chat", "cpe": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/f/prompts.chat/commit/1464475df2698fb7ccd0cdbc382b0750466f891d", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1098", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-identity-confusion-via-case-sensitive-username-handling", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-03T21:17:09.693", "last_modified": "2026-04-13T18:10:46.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09004, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34783", "description": "Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. 
When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22", "CWE-73"], "affected_products": [{"vendor": "montferret", "product": "ferret", "cpe": "cpe:2.3:a:montferret:ferret:*:*:*:*:*:go:*:*"}, {"vendor": "montferret", "product": "ferret", "cpe": "cpe:2.3:a:montferret:ferret:2.0.0:alpha1:*:*:*:go:*:*"}, {"vendor": "montferret", "product": "ferret", "cpe": "cpe:2.3:a:montferret:ferret:2.0.0:alpha2:*:*:*:go:*:*"}, {"vendor": "montferret", "product": "ferret", "cpe": "cpe:2.3:a:montferret:ferret:2.0.0:alpha3:*:*:*:go:*:*"}], "references": [{"url": "https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T17:17:10.430", "last_modified": "2026-04-14T20:28:17.990", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00169, "epss_percentile": 0.38069, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 24, "ats_level": "LOW", 
"ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30814", "description": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-121", "CWE-787"], "affected_products": [{"vendor": "tp-link", "product": "archer_ax53_firmware", "cpe": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:20.140", "last_modified": "2026-04-14T16:19:31.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06287, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, 
"ats_level": "LOW", "ats_breakdown": {"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30815", "description": "An OS command injection vulnerability in the OpenVPN module\nof TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "tp-link", "product": "archer_ax53_firmware", "cpe": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:20.320", "last_modified": "2026-04-14T16:19:40.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00445, "epss_percentile": 0.63436, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", 
"ats_breakdown": {"severity": 24.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30818", "description": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "tp-link", "product": "archer_ax53_firmware", "cpe": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:20.770", "last_modified": "2026-04-14T16:20:09.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00563, "epss_percentile": 0.68378, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 
24.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5907", "description": "Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/484665123", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.580", "last_modified": "2026-04-14T14:46:10.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5913", "description": "Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-125"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/487195286", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.220", "last_modified": "2026-04-14T14:11:14.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22161, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5915", "description": "Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/494341335", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.460", "last_modified": "2026-04-14T14:09:24.603", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18461, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40070", "description": "BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. 
An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-347"], "affected_products": [], "references": [{"url": "https://brc.dev/52", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/issues/305", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/pull/306", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T18:17:03.203", "last_modified": "2026-04-13T16:16:31.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.01948, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40093", "description": "nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. 
In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1284"], "affected_products": [], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-49xc-52mp-cc9j", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T21:16:11.937", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18276, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34512", "description": "OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. 
Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/02cf12371f9353a16455da01cc02e6c4ecfc4152", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p93-7j67-5pc2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-improper-access-control-in-sessions-sessionkey-kill-endpoint", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:29.757", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.1004, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35645", "description": "OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. 
Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-648"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:34.050", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.1004, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40149", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec, file_write) to the allowlist, an attacker can cause the ExecApprovalManager to auto-approve all future agent invocations of those tools, bypassing the human-in-the-loop safety mechanism that the approval system is specifically designed to enforce. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 7.9, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-396"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4wr3-f4p3-5wjh", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4wr3-f4p3-5wjh", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:35.750", "last_modified": "2026-04-13T16:16:31.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01582, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 23.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4351", "description": "The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::deactivate()` which call `Snippet::update()` then `file_put_contents()` with the traversed path. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite arbitrary files on the server with a fixed PHP docblock content, potentially causing denial of service by corrupting critical files like `.htaccess` or `index.php`.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://perfmatters.io/docs/changelog/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c172ab2b-ce1f-4a0d-b31f-b75ff2f03506?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.553", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17084, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2021-47961", "description": "A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. 
This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-256"], "affected_products": [], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_26_05", "source": "security@synology.com", "tags": []}], "published": "2026-04-10T10:16:03.913", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12262, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-58913", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion.This issue affects VideoPro: from n/a through 2.3.8.1.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/wordpress/theme/videopro/vulnerability/wordpress-videopro-theme-2-3-8-1-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-10T14:16:25.127", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00115, "epss_percentile": 0.30058, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35653", "description": "OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the browser.request surface to stop the running browser, close Playwright connections, and move profile directories to Trash, crossing intended privilege boundaries.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-863"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/4dcc39c25c6cc63fedfd004f52d173716576fcf0", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/e7d11f6c33e223a0dd8a21cfe01076bd76cef87a", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xp9r-prpg-373r", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:06.170", "last_modified": "2026-04-13T21:06:38.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15322, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege 
Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35660", "description": "OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wq58-2pvg-5h4f", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-gateway-agent-session-reset", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:07.493", "last_modified": "2026-04-13T20:32:00.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12059, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": 
{"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40200", "description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-670"], "affected_products": [], "references": [{"url": "https://musl.libc.org/releases.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/10/13", "source": "cve@mitre.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/13", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T17:17:14.107", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02481, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40393", "description": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": 
"https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866", "source": "cve@mitre.org", "tags": []}, {"url": "https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-12T19:16:20.797", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.12876, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25208", "description": "Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.800", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.12876, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31281", "description": "Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. 
An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/saykino/CVE-2026-31281", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.totara.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:32.973", "last_modified": "2026-04-14T17:16:49.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28291", "description": "simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git's flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git's option parsing behavior. 
This issue has been fixed in version 3.32.0.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287", "source": "security-advisories@github.com", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-25860", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T18:16:28.760", "last_modified": "2026-04-14T17:16:48.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00095, "epss_percentile": 0.26379, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22828", "description": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. 
Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:37.110", "last_modified": "2026-04-14T16:16:37.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38530", "description": "A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38530", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.697", "last_modified": "2026-04-14T18:17:37.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], 
"ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38532", "description": "A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38532", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.830", "last_modified": "2026-04-14T18:17:38.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27912", "description": "Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-285"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:58.600", "last_modified": "2026-04-14T18:16:58.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, 
"epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33826", "description": "Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.", "cvss_score": 8.0, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:35.267", "last_modified": "2026-04-14T18:17:35.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33827", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.", "cvss_score": 8.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:35.510", "last_modified": "2026-04-14T18:17:35.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 24, "ats_level": "LOW", "ats_breakdown": {"severity": 24.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-36324", "description": "Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770", "CWE-770"], "affected_products": [{"vendor": "siemens", "product": "scalance_m-800_firmware", "cpe": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_s615_firmware", "cpe": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ax_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ac_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb205-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb205-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb208_firmware", 
"cpe": "cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf-200ba_firmware", 
"cpe": "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_dna_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_irt_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm400_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_\\(eip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208poe_eec_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_\\(eip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324wg_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xr324wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr326-2c_poe_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr326-2c_poe_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr328-4c_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr328-4c_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr500_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_l3_firmware", "cpe": "cpe:2.3:h:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_l3_firmware:*:*:*:*:*:*:*:*"}, 
{"vendor": "siemens", "product": "scalance_xr552_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "productcert@siemens.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2022-08-10T12:15:12.930", "last_modified": "2026-04-14T09:16:30.903", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01536, "epss_percentile": 0.81343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.4, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-38767", "description": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP 
Radius access procedure.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer3:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer4:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer5:*:*:*:*:*:*"}, {"vendor": "windriver", "product": "vxworks", "cpe": "cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://windriver.com", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://windriver.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2022-11-25T15:15:10.453", "last_modified": "2026-04-14T10:16:25.027", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": 
null, "epss_score": 0.00405, "epss_percentile": 0.61052, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0241", "description": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-401"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], 
"published": "2025-01-07T16:15:38.767", "last_modified": "2026-04-13T15:16:32.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00074, "epss_percentile": 0.22378, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1012", "description": "A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939710", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:32.000", "last_modified": "2026-04-13T15:16:49.693", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00427, "epss_percentile": 0.62407, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1931", "description": "It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. 
This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944126", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:37.963", "last_modified": "2026-04-13T15:16:51.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00322, "epss_percentile": 0.55278, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1933", "description": "On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 7.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946004", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.170", "last_modified": "2026-04-13T15:16:52.223", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00406, "epss_percentile": 0.61085, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.8, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1937", "description": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1260"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716", "source": "security@mozilla.org", "tags": ["Exploit"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/10/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.610", "last_modified": "2026-04-13T15:16:53.020", "days_since_publish": 999, 
"source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00213, "epss_percentile": 0.4384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3033", "description": "After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded.  \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-73"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950056", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-01T13:15:41.697", "last_modified": "2026-04-13T15:16:57.157", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00076, "epss_percentile": 0.22806, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2025-3875", "description": "Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value \"Spoofed Name  \", Thunderbird treats spoofed@example.com as the actual address. This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950629", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-14T17:15:48.470", "last_modified": "2026-04-13T15:16:58.377", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00375, "epss_percentile": 0.59166, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5687", "description": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.\n*This bug only affects Mozilla VPN on macOS. 
Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [{"vendor": "mozilla", "product": "vpn", "cpe": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:macos:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953736", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-48/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-11T12:15:29.023", "last_modified": "2026-04-13T15:17:05.593", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00066, "epss_percentile": 0.2033, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-49795", "description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. 
This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-825"], "affected_products": [], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10630", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:19020", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49795", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", "source": "secalert@redhat.com", "tags": []}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932", "source": "secalert@redhat.com", "tags": []}], "published": "2025-06-16T16:15:19.203", "last_modified": "2026-04-14T10:16:28.617", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00566, "epss_percentile": 0.68466, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25656", "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). 
The affected application permits improper modification of a configuration file by a low-privileged user.\r\nThis could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges. (ZDI-CAN-28108)", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [{"vendor": "siemens", "product": "sinec_nms", "cpe": "cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "user_management_component", "cpe": "cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-311973.html", "source": "productcert@siemens.com", "tags": ["Vendor Advisory"]}], "published": "2026-02-10T10:15:59.880", "last_modified": "2026-04-14T09:16:35.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01025, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3223", "description": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "google", "product": "web_designer", "cpe": "cpe:2.3:a:google:web_designer:14.2.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://bughunters.google.com/reports/vrp/FJMQGy8oo", "source": "cve-coordination@google.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-02-27T14:16:30.923", "last_modified": "2026-04-14T00:33:21.800", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 4e-05, "epss_percentile": 0.00157, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2017-20222", "description": "Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-306"], "affected_products": [{"vendor": "telesquare", "product": "sdt-cs3b1_firmware", "cpe": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2017120300", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136825", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/145555", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/43401/", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-unauthenticated-remote-reboot", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.php", "source": "disclosure@vulncheck.com", "tags": 
["Exploit", "Third Party Advisory"]}], "published": "2026-03-16T14:17:52.137", "last_modified": "2026-04-14T17:00:24.713", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00217, "epss_percentile": 0.44316, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-190", "CWE-190"], "affected_products": [{"vendor": "libarchive", "product": "libarchive", "cpe": "cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "hardened_images", "cpe": "cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "openshift_container_platform", "cpe": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"}, 
{"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-5121", "source": "secalert@redhat.com", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945", "source": "secalert@redhat.com", "tags": []}, {"url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc", "source": "secalert@redhat.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/libarchive/libarchive/pull/2934", "source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"]}], "published": "2026-03-30T08:16:18.780", "last_modified": "2026-04-14T17:16:52.727", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00243, "epss_percentile": 0.47569, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30309", "description": "InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. 
When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "tokfinity", "product": "infcode", "cpe": "cpe:2.3:a:tokfinity:infcode:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11", "source": "cve@mitre.org", "tags": ["Third Party Advisory", "Issue Tracking"]}, {"url": "https://www.tokfinity.com/infcode", "source": "cve@mitre.org", "tags": ["Product"]}], "published": "2026-03-31T15:16:12.863", "last_modified": "2026-04-14T15:49:43.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15699, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3775", "description": "The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. 
Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [{"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}], "published": "2026-04-01T02:16:02.440", "last_modified": "2026-04-14T17:56:31.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02762, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34746", "description": "Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. 
Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "payloadcms", "product": "payload", "cpe": "cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Mitigation"]}], "published": "2026-04-01T20:16:26.727", "last_modified": "2026-04-13T18:52:39.340", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10242, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22664", "description": "prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. 
Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "fka", "product": "prompts.chat", "cpe": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://gist.github.com/mdisec/27c0cac0ec6a8f3c8f85a18987ddb942", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/f/prompts.chat/commit/30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-ssrf-via-fal-ai-media-status-polling", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://gist.github.com/mdisec/27c0cac0ec6a8f3c8f85a18987ddb942", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-03T21:17:09.513", "last_modified": "2026-04-13T18:13:53.827", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0839, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35558", "description": "Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed 
by the driver during user-initiated authentication.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-77"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}], "published": "2026-04-03T21:17:11.710", "last_modified": "2026-04-14T16:17:04.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12137, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": 
{"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5485", "description": "OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection.\n\nTo remediate this issue, users should upgrade to version 2.0.5.1 or later.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}], "published": "2026-04-03T21:17:12.603", "last_modified": 
"2026-04-14T16:14:49.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08356, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34936", "description": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server. This issue has been patched in version 4.5.90.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "praison", "product": "praisonai", "cpe": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x6m9-gxvr-7jpv", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x6m9-gxvr-7jpv", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.853", "last_modified": "2026-04-14T18:14:29.880", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.08939, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34937", "description": "PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c \"<code>\" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \\ and \", leaving $() and backtick substitutions unescaped, allowing arbitrary OS command execution before Python is invoked. This issue has been patched in version 1.5.90.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "praison", "product": "praisonaiagents", "cpe": "cpe:2.3:a:praison:praisonaiagents:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-w37c-qqfp-c67f", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-w37c-qqfp-c67f", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:06.020", "last_modified": "2026-04-14T18:09:51.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0854, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20055", 
"description": "IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-428"], "affected_products": [{"vendor": "iobit", "product": "advanced_system_care", "cpe": "cpe:2.3:a:iobit:advanced_system_care:*:*:*:*:free:*:*:*"}], "references": [{"url": "http://www.iobit.com/en/advancedsystemcarefree.php#", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "http://www.iobit.com/en/index.php", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/40577", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/iobit-advanced-systemcare-unquoted-service-path-privilege-escalation", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-04T14:16:17.863", "last_modified": "2026-04-14T19:09:27.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.0226, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-14032", "description": "Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. 
Attackers can invoke the installFromPath:toPath:withReply: method to overwrite system files and privileged binaries, achieving full system compromise. Twitch Studio was discontinued in May 2024.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "twitch", "product": "twitch_studio", "cpe": "cpe:2.3:a:twitch:twitch_studio:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://help.twitch.tv/s/article/recommended-software-for-broadcasting", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://help.twitch.tv/s/topic/0TO3a000000kZfYGAU/twitch-studio", "source": "disclosure@vulncheck.com", "tags": ["Product"]}, {"url": "https://www.iru.com/blog/twitch-privileged-helper", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/twitch-studio-launcherhelper-xpc-missing-authorization-to-root-file-write", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-06T16:16:26.470", "last_modified": "2026-04-14T02:01:12.537", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01152, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35021", "description": "Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. 
Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into shell commands executed via execSync. Although the file path is wrapped in double quotes, POSIX shell semantics (POSIX §2.2.3) do not prevent command substitution within double quotes, allowing injected expressions to be evaluated and resulting in arbitrary command execution with the privileges of the user running the CLI.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-prompteditor-ts", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-06T20:16:25.067", "last_modified": "2026-04-13T20:16:34.557", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32860", "description": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. 
This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": 
"cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-project-library-file-parsing-memory-corruption-vulnerability-in-ni-labview.html", "source": "security@ni.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:24.040", "last_modified": "2026-04-13T14:55:52.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05409, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32861", "description": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a 
corrupted LVCLASS file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", 
"product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-class-file-parsing-memory-corruption-vulnerability-in-ni-labview.html", "source": "security@ni.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:24.363", "last_modified": "2026-04-13T14:55:18.227", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05409, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32862", "description": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*"}, 
{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html", "source": "security@ni.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:24.883", "last_modified": "2026-04-13T14:54:08.713", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05409, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32863", "description": "There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*"}, 
{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html", "source": "security@ni.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:26.220", "last_modified": "2026-04-13T14:53:21.223", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03627, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32864", "description": "There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*"}, {"vendor": "ni", 
"product": "labview", "cpe": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*"}, {"vendor": "ni", "product": "labview", "cpe": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html", "source": 
"security@ni.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T20:16:26.460", "last_modified": "2026-04-13T14:52:36.727", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03627, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39361", "description": "OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets (e.g. \"[::1]\" not \"::1\"). An authenticated attacker can reach internal services blocked from external access. On cloud deployments this enables retrieval of IAM credentials via AWS IMDSv1 (169.254.169.254), GCP metadata, or Azure IMDS. 
On self-hosted deployments it allows probing internal network services.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "openobserve", "product": "openobserve", "cpe": "cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/openobserve/openobserve/commit/d1a5d8f65b432e2e82f83231390dec7f107e8d75", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-gcwf-3p7h-wm79", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-gcwf-3p7h-wm79", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-07T20:16:29.837", "last_modified": "2026-04-14T20:28:05.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.08939, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5726", "description": "ASDA-Soft Stack-based Buffer Overflow Vulnerability", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-121", "CWE-787"], "affected_products": [{"vendor": "deltaww", "product": "asda_soft", "cpe": "cpe:2.3:a:deltaww:asda_soft:*:*:*:*:*:*:*:*"}], "references": [{"url": 
"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T03:16:07.700", "last_modified": "2026-04-13T12:49:03.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00254, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39466", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7.", "cvss_score": 7.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-checker/vulnerability/wordpress-broken-link-checker-plugin-2-4-7-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:21.830", "last_modified": "2026-04-13T17:16:29.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10499, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", 
"ats_breakdown": {"severity": 22.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39479", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20.", "cvss_score": 7.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/suretriggers/vulnerability/wordpress-ottokit-plugin-1-1-20-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.670", "last_modified": "2026-04-13T17:16:29.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10499, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39496", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.", "cvss_score": 7.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/yaymail/vulnerability/wordpress-yaymail-plugin-4-3-3-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": 
"2026-04-08T09:16:23.953", "last_modified": "2026-04-13T20:16:35.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10499, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28261", "description": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-532"], "affected_products": [{"vendor": "dell", "product": "elastic_cloud_storage", "cpe": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*"}, {"vendor": "dell", "product": "objectscale", "cpe": "cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*"}, {"vendor": "dell", "product": "objectscale", "cpe": "cpe:2.3:a:dell:objectscale:4.2.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability", "source": "security_alert@emc.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T13:16:41.533", "last_modified": "2026-04-13T18:20:21.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 
0.00014, "epss_percentile": 0.02368, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4498", "description": "Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-250"], "affected_products": [{"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}, {"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}, {"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://discuss.elastic.co/t/kibana-8-19-14-9-2-8-9-3-3-security-update-esa-2026-21/385811", "source": "security@elastic.co", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T17:21:24.300", "last_modified": "2026-04-13T18:22:55.253", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16973, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27806", "description": "Fleet is open source device management software. 
Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command(\"expect\", \"-c\", script). Because the password is inserted into Tcl brace-quoted send {%s}, a password containing } terminates the literal and injects arbitrary Tcl commands. Since Orbit runs as root, this allows a local unprivileged user to escalate to root privileges. This vulnerability is fixed in 4.81.1.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "fleetdm", "product": "fleet", "cpe": "cpe:2.3:a:fleetdm:fleet:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-rphv-h674-5hp2", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:13.543", "last_modified": "2026-04-14T19:31:32.380", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02441, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40029", "description": "parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. 
An attacker can craft a .lnk filename with embedded shell metacharacters that execute arbitrary commands on the forensic examiner's machine during USB artifact parsing.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "khyrenz", "product": "parseusbs", "cpe": "cpe:2.3:a:khyrenz:parseusbs:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/khyrenz/parseusbs/commit/99f05996494e7e41ea0c7e13145ba20eb793e46b", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/khyrenz/parseusbs/pull/10", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"]}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/parseusbs-command-injection-via-crafted-lnk-filename", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T22:16:23.303", "last_modified": "2026-04-13T20:27:50.497", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07722, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40030", "description": "parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. 
An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content enumeration.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [{"vendor": "khyrenz", "product": "parseusbs", "cpe": "cpe:2.3:a:khyrenz:parseusbs:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/khyrenz/parseusbs/commit/99f05996494e7e41ea0c7e13145ba20eb793e46b", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/khyrenz/parseusbs/pull/10", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"]}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/parseusbs-command-injection-via-volume-path-argument", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T22:16:23.483", "last_modified": "2026-04-13T20:27:37.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07111, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40031", "description": "MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. 
An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [], "references": [{"url": "https://github.com/ufrisk/MemProcFS/commit/df80e6e83641f5004025ce661e6dd8139028d7b5", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/ufrisk/MemProcFS/releases/tag/v5.17", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/memprocfs-dll-shared-library-hijacking", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:23.650", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02772, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40032", "description": "UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. 
Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/tclahr/uac/commit/50ace60e172e38feb78347bdf579311c23eff078", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/tclahr/uac/commit/cb95d7166cd47908e1189d9669e43f9a6d3d707f", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/tclahr/uac/commit/d0fca5e36d8d6a33a4404f0f6fe92b0424544589", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/tclahr/uac/issues/429", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/tclahr/uac/pull/443", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/uac-rc1-command-injection-via-placeholder-substitution", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:23.827", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05595, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39843", "description": "Plane is an an open-source project management tool. 
From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address is supplied to Add link by an authenticated attacker with low privileges. Redirects for the main page URL are validated, but not the favicon fetch path. fetch_and_encode_favicon() still uses requests.get(favicon_url, ...) with the default redirect-following. This vulnerability is fixed in 1.3.0.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/makeplane/plane/security/advisories/GHSA-9fr2-pprw-pp9j", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T16:16:31.087", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39853", "description": "osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a parsed SpcIndirectDataContent structure into a fixed-size stack buffer  (mdbuf[EVP_MAX_MD_SIZE], 64 bytes) without validating that the source length fits within the destination buffer. 
This pattern is present in the verification handlers for PE, MSI, CAB, and script files. An attacker can craft a malicious signed file with an oversized digest field in SpcIndirectDataContent. When a user verifies such a file with osslsigncode verify, the unbounded memcpy can overflow the stack buffer and corrupt adjacent stack state. This vulnerability is fixed in 2.12.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-121", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/mtrojnar/osslsigncode/commit/cbee1e723c5a8547302bd841ad9943ed8144db68", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.12", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-hx87-8754-xvh4", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T16:16:31.233", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02522, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34971", "description": "Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. 
When combined with explicit bounds checks a guest WebAssembly module this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. This difference in address being operated on means that a guest module can pass a bounds check but then load a different address. Combined together this enables an arbitrary read/write primitive for guest WebAssembly when accessing host memory. This is a sandbox escape as guests are able to read/write arbitrary host memory. This vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions. This miscompiled shape of load only occurs on 64-bit WebAssembly linear memories, or when Config::wasm_memory64 is enabled. 32-bit WebAssembly is not affected. Spectre mitigations or signals-based-traps must be disabled. When spectre mitigations are enabled then the offending shape of load is not generated. When signals-based-traps are disabled then spectre mitigations are also automatically disabled. The specific bug in Cranelift is a miscompile of a load of the shape load(iadd(base, ishl(index, amt))) where amt is a constant. The amt value is masked incorrectly to test if it's a certain value, and this incorrect mask means that Cranelift can pattern-match this lowering rule during instruction selection erroneously, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended as the correct address's computation would have wrapped around to a smaller value instead. 
This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:24.663", "last_modified": "2026-04-13T21:16:25.877", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01481, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29923", "description": "The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [], "references": [{"url": "https://entechtaiwan.com/util/ps.shtm", "source": "cve@mitre.org", "tags": []}, {"url": "https://packetstorm.news/files/id/218394/", "source": "cve@mitre.org", "tags": []}, {"url": "https://packetstorm.news/files/id/218394/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T20:16:24.693", "last_modified": "2026-04-14T17:16:48.907", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34734", "description": "HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "hdfgroup", "product": "hdf5", "cpe": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-09T20:16:25.437", "last_modified": "2026-04-14T20:09:51.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02102, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33788", 
"description": "A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device.\n\nA local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead to a full compromise of the affected component.\n\nThis issue affects Junos OS Evolved on PTX10004, PTX10008, PTX100016, with JNP10K-LC1201 or JNP10K-LC1202:\n\n\n\n\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-S3-EVO,\n  *  22.4-EVO versions before 22.4R3-S2-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107806", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:28.593", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03363, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33793", "description": "An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.\n\nWhen a configuration that 
allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation. \n\nThis issue affects Junos OS: \n\n  *  All versions before 22.4R3-S7, \n  *  from 23.2 before 23.2R2-S4, \n  *  from 23.4 before 23.4R2-S6,\n  *  from 24.2 before 24.2R1-S2, 24.2R2, \n  *  from 24.4 before 24.4R1-S2, 24.4R2; \n\n\n\n\nJunos OS Evolved: \n\n\n\n  *  All versions before 22.4R3-S7-EVO, \n  *  from 23.2 before 23.2R2-S4-EVO, \n  *  from 23.4 before 23.4R2-S6-EVO,\n  *  from 24.2 before 24.2R2-EVO, \n  *  from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-250"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA103142", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:29.297", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0235, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35625", "description": "OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. 
Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-648"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnect", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:30.867", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09335, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40150", "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. 
This vulnerability is fixed in 1.5.128.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-3244", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-3244", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:35.900", "last_modified": "2026-04-14T15:16:37.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07769, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25203", "description": "Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1091.1.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-276"], "affected_products": [], "references": [{"url": "https://security.samsungtv.com/securityUpdates", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-10T02:16:02.767", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01035, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28704", "description": "Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [], "references": [{"url": "https://github.com/JPCERTCC/EmoCheck/", "source": "vultures@jpcert.or.jp", "tags": []}, {"url": "https://jvn.jp/en/jp/JVN00263243/", "source": "vultures@jpcert.or.jp", "tags": []}, {"url": "https://www.jpcert.or.jp/press/2026/PR20260410.html", "source": "vultures@jpcert.or.jp", "tags": []}], "published": "2026-04-10T07:16:21.023", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02003, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33092", "description": "Local privilege escalation due to improper handling of environment variables. 
The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-15"], "affected_products": [], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-9407", "source": "security@acronis.com", "tags": []}], "published": "2026-04-10T14:16:34.880", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02564, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35641", "description": "OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. 
During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-349"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-10T17:17:04.697", "last_modified": "2026-04-14T15:16:30.090", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00375, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35668", "description": "OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. 
Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:09.060", "last_modified": "2026-04-13T20:43:10.547", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12387, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40156", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code via spec.loader.exec_module() without explicit user consent, validation, or sandboxing. 
The tools.py file is loaded implicitly, even when it is not referenced in configuration files or explicitly requested by the user. As a result, merely placing a file named tools.py in the working directory is sufficient to trigger code execution. This behavior violates the expected security boundary between user-controlled project files (e.g., YAML configurations) and executable code, as untrusted content in the working directory is treated as trusted and executed automatically. If an attacker can place a malicious tools.py file into a directory where a user or automated system (e.g., CI/CD pipeline) runs praisonai, arbitrary code execution occurs immediately upon startup, before any agent logic begins.  This vulnerability is fixed in 4.5.128.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-426", "CWE-829"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2g3w-cpc4-chr4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2g3w-cpc4-chr4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:13.297", "last_modified": "2026-04-13T16:16:32.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06212, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31941", "description": "Chamilo LMS is a learning management system. 
Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests to that URL without validating whether the target is an internal or external resource. This allows an authenticated attacker to force the server to make arbitrary HTTP requests to internal services, scan internal ports, and access cloud instance metadata. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/e3790c5f0ff3b4dc547c2099fadf5c438c1bb265", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/ea6b7b7e90580c9b01dc4bcafe4ad737061e0ead", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q74c-mx8x-489h", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:41.640", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07386, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32252", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. 
Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req, \"updateAny\", \"chart\") without awaiting the returned promise, and it does not verify that the supplied project_id belongs to req.params.team_id or to the caller's team. As a result, an authenticated attacker with valid template-generation permissions in their own team can request the template model for a project belonging to another team and receive victim project data. This vulnerability is fixed in 4.9.0.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-285"], "affected_products": [{"vendor": "depomo", "product": "chartbrew", "cpe": "cpe:2.3:a:depomo:chartbrew:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/chartbrew/chartbrew/commit/bf5919043d3587fcbe76123aaabd9a0a9d1033f1", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-mw4f-cf22-qpcj", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-mw4f-cf22-qpcj", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-10T20:16:21.793", "last_modified": "2026-04-14T17:25:25.940", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06149, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40188", "description": "goshs is a SimpleHTTPServer written in Go. 
From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-1314"], "affected_products": [{"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:*:*:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta1:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta2:*:*:*:go:*:*"}, {"vendor": "goshs", "product": "goshs", "cpe": "cpe:2.3:a:goshs:goshs:2.0.0:beta3:*:*:*:go:*:*"}], "references": [{"url": "https://github.com/patrickhener/goshs/commit/141c188ce270ffbec087844a50e5e695b7da7744", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.4", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-2943-crp8-38xx", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-2943-crp8-38xx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-10T20:16:23.733", "last_modified": "2026-04-14T20:15:28.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06814, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4150", "description": 
"GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "gimp", "product": "gimp", "cpe": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10", "source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/", "source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-11T01:16:16.560", "last_modified": "2026-04-14T19:32:38.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19465, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4151", "description": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "gimp", "product": "gimp", "cpe": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e", "source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/", "source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-11T01:16:16.697", "last_modified": "2026-04-14T19:32:53.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19465, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4152", "description": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. 
The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122", "CWE-787"], "affected_products": [{"vendor": "gimp", "product": "gimp", "cpe": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/", "source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-11T01:16:16.830", "last_modified": "2026-04-14T19:32:46.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.17923, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4153", "description": "GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122", "CWE-787"], "affected_products": [{"vendor": "gimp", "product": "gimp", "cpe": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712", "source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/", "source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-11T01:16:16.963", "last_modified": "2026-04-14T19:33:01.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.17923, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4154", "description": "GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-28901.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [{"vendor": "gimp", "product": "gimp", "cpe": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253", "source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-221/", "source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-11T01:16:17.093", "last_modified": "2026-04-14T19:33:09.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19465, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4155", "description": "ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. 
Was ZDI-CAN-26340.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-540"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-195/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.230", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00238, "epss_percentile": 0.46874, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5054", "description": "NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. 
Was ZDI-CAN-28630.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-73"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-248/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.890", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02856, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5055", "description": "NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine.  An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. 
Was ZDI-CAN-28494.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-249/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.017", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02584, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5493", "description": "Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-25718.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-255/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.427", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5494", "description": "Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-25719.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-256/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.563", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5495", "description": "Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-25720.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-257/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.697", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5496", "description": "Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-25717.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-254/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:18.830", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34853", "description": "Permission bypass vulnerability in the LBS module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-270"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:12.217", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00267, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27238", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a 
Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:47.717", "last_modified": "2026-04-14T17:16:47.717", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27283", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:47.883", "last_modified": "2026-04-14T17:16:47.883", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27284", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:48.040", "last_modified": "2026-04-14T17:16:48.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27291", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:48.507", "last_modified": "2026-04-14T17:16:48.507", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-20930", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:43.393", "last_modified": "2026-04-14T18:16:43.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 
0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23657", "description": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:44.327", "last_modified": "2026-04-14T18:16:44.327", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26143", "description": "Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:45.620", "last_modified": "2026-04-14T18:16:45.620", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-26153", "description": "Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26153", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:46.670", "last_modified": "2026-04-14T18:16:46.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26156", "description": "Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-122", "CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26156", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:47.810", "last_modified": "2026-04-14T18:16:47.810", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26159", "description": "Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26159", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:48.123", "last_modified": "2026-04-14T18:16:48.123", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26160", "description": "Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26160", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:48.463", "last_modified": "2026-04-14T18:16:48.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit 
Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26161", "description": "Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26161", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:48.840", "last_modified": "2026-04-14T18:16:48.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26162", "description": "Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26162", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:49.133", "last_modified": "2026-04-14T18:16:49.133", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, 
"ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26163", "description": "Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26163", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:49.473", "last_modified": "2026-04-14T18:16:49.473", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26168", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26168", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:50.607", "last_modified": "2026-04-14T18:16:50.607", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege 
Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26170", "description": "Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26170", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:51.263", "last_modified": "2026-04-14T18:16:51.263", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26172", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:51.757", "last_modified": "2026-04-14T18:16:51.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26176", "description": "Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26176", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:53.003", "last_modified": "2026-04-14T18:16:53.003", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26179", "description": "Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26179", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:54.013", "last_modified": 
"2026-04-14T18:16:54.013", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26180", "description": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26180", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:54.240", "last_modified": "2026-04-14T18:16:54.240", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26181", "description": "Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26181", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:54.590", "last_modified": "2026-04-14T18:16:54.590", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26183", "description": "Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26183", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:55.187", "last_modified": "2026-04-14T18:16:55.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26184", "description": "Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-126"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26184", "source": "secure@microsoft.com", "tags": []}], "published": 
"2026-04-14T18:16:55.440", "last_modified": "2026-04-14T18:16:55.440", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27907", "description": "Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-191"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27907", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:57.037", "last_modified": "2026-04-14T18:16:57.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27909", "description": "Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27909", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:57.613", "last_modified": "2026-04-14T18:16:57.613", "days_since_publish": 
999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27910", "description": "Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-280"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27910", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:57.953", "last_modified": "2026-04-14T18:16:57.953", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27911", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27911", "source": "secure@microsoft.com", "tags": []}], "published": 
"2026-04-14T18:16:58.297", "last_modified": "2026-04-14T18:16:58.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27913", "description": "Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:58.860", "last_modified": "2026-04-14T18:16:58.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27914", "description": "Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27914", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:59.180", "last_modified": "2026-04-14T18:16:59.180", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27915", "description": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27915", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:59.520", "last_modified": "2026-04-14T18:16:59.520", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27916", "description": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27916", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:59.870", "last_modified": "2026-04-14T18:16:59.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27918", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27918", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:00.720", "last_modified": "2026-04-14T18:17:00.720", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27919", "description": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, 
"cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27919", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:01.037", "last_modified": "2026-04-14T18:17:01.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27920", "description": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27920", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:01.603", "last_modified": "2026-04-14T18:17:01.603", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27923", "description": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": 
["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27923", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:02.670", "last_modified": "2026-04-14T18:17:02.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27924", "description": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27924", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:03.020", "last_modified": "2026-04-14T18:17:03.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27927", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.", 
"cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27927", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:03.880", "last_modified": "2026-04-14T18:17:03.880", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32069", "description": "Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32069", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:06.930", "last_modified": "2026-04-14T18:17:06.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32074", "description": "Double free in Windows Projected File System 
allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32074", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:08.480", "last_modified": "2026-04-14T18:17:08.480", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32076", "description": "Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32076", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:09.120", "last_modified": "2026-04-14T18:17:09.120", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32077", "description": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host 
allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32077", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:09.690", "last_modified": "2026-04-14T18:17:09.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32078", "description": "Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32078", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:10.033", "last_modified": "2026-04-14T18:17:10.033", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32089", "description": "Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate 
privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32089", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:13.473", "last_modified": "2026-04-14T18:17:13.473", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32090", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32090", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:13.777", "last_modified": "2026-04-14T18:17:13.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for 
Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32152", "description": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32152", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:15.710", "last_modified": "2026-04-14T18:17:15.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32153", "description": "Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:15.930", "last_modified": "2026-04-14T18:17:15.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": 
[{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32154", "description": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32154", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:16.163", "last_modified": "2026-04-14T18:17:16.163", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32155", "description": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32155", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:16.463", "last_modified": "2026-04-14T18:17:16.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, 
"epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32158", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32158", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:17.383", "last_modified": "2026-04-14T18:17:17.383", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32159", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": 
[{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32159", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:17.673", "last_modified": "2026-04-14T18:17:17.673", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32160", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32160", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:17.953", "last_modified": "2026-04-14T18:17:17.953", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32163", "description": "Concurrent execution using shared resource with 
improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32163", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:18.507", "last_modified": "2026-04-14T18:17:18.507", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32164", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32164", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:18.777", "last_modified": "2026-04-14T18:17:18.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation 
for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32165", "description": "Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32165", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:19.077", "last_modified": "2026-04-14T18:17:19.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32168", "description": "Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:19.687", "last_modified": "2026-04-14T18:17:19.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, 
"epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32183", "description": "Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-77"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32183", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:20.703", "last_modified": "2026-04-14T18:17:20.703", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32184", "description": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:21.777", "last_modified": "2026-04-14T18:17:21.777", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32189", "description": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32189", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:24.950", "last_modified": "2026-04-14T18:17:24.950", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32192", "description": "Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:25.723", "last_modified": "2026-04-14T18:17:25.723", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32197", "description": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32197", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:26.233", "last_modified": "2026-04-14T18:17:26.233", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32198", "description": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32198", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:26.473", "last_modified": 
"2026-04-14T18:17:26.473", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32199", "description": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32199", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:26.710", "last_modified": "2026-04-14T18:17:26.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32200", "description": "Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32200", "source": "secure@microsoft.com", "tags": []}], "published": 
"2026-04-14T18:17:26.957", "last_modified": "2026-04-14T18:17:26.957", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32222", "description": "Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32222", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:30.290", "last_modified": "2026-04-14T18:17:30.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33095", "description": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33095", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:31.390", "last_modified": 
"2026-04-14T18:17:31.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33098", "description": "Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33098", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:31.830", "last_modified": "2026-04-14T18:17:31.830", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33101", "description": "Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101", "source": "secure@microsoft.com", "tags": []}], 
"published": "2026-04-14T18:17:32.797", "last_modified": "2026-04-14T18:17:32.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33825", "description": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1220"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:35.100", "last_modified": "2026-04-14T18:17:35.100", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34627", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:36.890", "last_modified": "2026-04-14T18:17:36.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34628", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:37.060", "last_modified": "2026-04-14T18:17:37.060", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34629", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:37.230", "last_modified": "2026-04-14T18:17:37.230", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27289", "description": "Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/photoshop/apsb26-40.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:34.140", "last_modified": "2026-04-14T20:16:34.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27310", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:34.407", "last_modified": "2026-04-14T20:16:34.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27311", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:34.577", "last_modified": "2026-04-14T20:16:34.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27312", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:34.730", "last_modified": "2026-04-14T20:16:34.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27313", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:34.883", "last_modified": "2026-04-14T20:16:34.883", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34618", "description": "Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb26-42.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:47.523", "last_modified": "2026-04-14T20:16:47.523", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34630", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 7.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:47.833", "last_modified": "2026-04-14T20:16:47.833", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40683", "description": "In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g. \"FALSE\") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. 
All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected.", "cvss_score": 7.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://bugs.launchpad.net/keystone/+bug/2121152", "source": "cve@mitre.org", "tags": []}, {"url": "https://bugs.launchpad.net/keystone/+bug/2141713", "source": "cve@mitre.org", "tags": []}, {"url": "https://review.opendev.org/958205", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/14/9", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T20:16:48.203", "last_modified": "2026-04-14T20:16:48.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 23, "ats_level": "LOW", "ats_breakdown": {"severity": 23.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2021-3712", "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. 
However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 
Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "openssl", "product": "openssl", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "clustered_data_ontap", "cpe": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "clustered_data_ontap_antivirus_connector", "cpe": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "e-series_santricity_os_controller", "cpe": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "hci_management_node", "cpe": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "manageability_software_development_kit", "cpe": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "santricity_smi-s_provider", "cpe": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "solidfire", "cpe": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*"}, {"vendor": "netapp", "product": "storage_encryption", "cpe": "cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": 
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*"}, {"vendor": "mcafee", "product": "epolicy_orchestrator", "cpe": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*"}, {"vendor": "tenable", "product": "nessus_network_monitor", "cpe": "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*"}, {"vendor": "tenable", "product": "tenable.sc", "cpe": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "essbase", "cpe": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "essbase", "cpe": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "essbase", "cpe": "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "mysql_connectors", "cpe": 
"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "mysql_enterprise_monitor", "cpe": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "mysql_server", "cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "mysql_server", "cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "mysql_workbench", "cpe": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "peoplesoft_enterprise_peopletools", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "secure_backup", "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "zfs_storage_appliance_kit", "cpe": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "sinec_infrastructure_network_services", "cpe": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_cloud_native_core_console", "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_cloud_native_core_security_edge_protection_proxy", "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_cloud_native_core_unified_data_repository", "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": 
"communications_session_border_controller", "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_session_border_controller", "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_unified_session_manager", "cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "communications_unified_session_manager", "cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_communications_broker", "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_communications_broker", "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_session_border_controller", "cpe": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "enterprise_session_border_controller", "cpe": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "health_sciences_inform_publisher", "cpe": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.0:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "health_sciences_inform_publisher", "cpe": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jd_edwards_enterpriseone_tools", "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"}, {"vendor": "oracle", "product": "jd_edwards_world_security", "cpe": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", "source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", "source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202209-02", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20210827-0010/", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": 
"https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "openssl-security@openssl.org", "tags": []}, {"url": "https://www.debian.org/security/2021/dsa-4963", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.openssl.org/news/secadv/20210824.txt", "source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-16", "source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-02", "source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10366", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202209-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20210827-0010/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.debian.org/security/2021/dsa-4963", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.openssl.org/news/secadv/20210824.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2021-16", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.tenable.com/security/tns-2022-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-08-24T15:15:09.533", "last_modified": "2026-04-14T10:16:19.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00413, "epss_percentile": 0.61516, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1936", "description": "jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. 
This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-158"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940027", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.500", "last_modified": "2026-04-13T15:16:52.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00152, "epss_percentile": 0.35844, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3029", "description": "A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952213", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-01T13:15:41.290", "last_modified": "2026-04-13T15:16:56.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00654, "epss_percentile": 0.70919, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3032", "description": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-403"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-01T13:15:41.587", "last_modified": "2026-04-13T15:16:56.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00239, "epss_percentile": 0.46961, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5270", "description": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. 
This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-319"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}], "published": "2025-05-27T13:15:22.823", "last_modified": "2026-04-13T15:17:05.097", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00168, "epss_percentile": 0.38008, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5272", "description": "Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1726254%2C1742738%2C1960121", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}], "published": "2025-05-27T13:15:23.023", "last_modified": "2026-04-13T15:17:05.430", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00367, "epss_percentile": 0.58636, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55029", "description": "Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. 
This vulnerability was fixed in Firefox for iOS 142.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973577", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:28.090", "last_modified": "2026-04-13T15:17:02.503", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00108, "epss_percentile": 0.29024, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9182", "description": "Denial-of-service due to out-of-memory in the Graphics: WebRender component. 
This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:30.650", "last_modified": "2026-04-13T15:17:13.967", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00085, "epss_percentile": 0.24682, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10528", "description": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:45.017", "last_modified": "2026-04-13T15:16:35.970", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00092, "epss_percentile": 0.25904, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", 
"ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10535", "description": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979918", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-16T13:15:48.503", "last_modified": "2026-04-13T15:16:37.213", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11153", "description": "JIT miscompilation in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 143.0.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987481", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-80/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-30T13:15:48.790", "last_modified": "2026-04-13T15:16:39.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13012", "description": "Race condition in the Graphics component. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.253", "last_modified": "2026-04-13T15:16:41.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09614, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13016", "description": "Incorrect 
boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-703"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.677", "last_modified": "2026-04-13T15:16:42.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14492, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13025", "description": "Incorrect boundary conditions in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-276"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994022", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:39.613", "last_modified": "2026-04-13T15:16:44.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09006, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-66453", "description": "Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. 
This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "rhino", "cpe": "cpe:2.3:a:mozilla:rhino:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "rhino", "cpe": "cpe:2.3:a:mozilla:rhino:1.7.15:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "rhino", "cpe": "cpe:2.3:a:mozilla:rhino:1.8.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2025-12-03T20:16:26.897", "last_modified": "2026-04-14T15:39:20.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00143, "epss_percentile": 0.3457, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14325", "description": "JIT miscompilation in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-843"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1998050", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.010", "last_modified": "2026-04-13T15:16:45.593", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00115, "epss_percentile": 0.3016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14327", "description": "Spoofing issue in the Downloads Panel component. 
This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-290", "CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": []}], "published": "2025-12-09T16:17:40.227", "last_modified": "2026-04-13T15:16:45.950", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03382, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14332", "description": "Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 146 and Thunderbird 146.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-787", "CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1963153%2C1985058%2C1995637%2C1997118", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.887", "last_modified": "2026-04-13T15:16:46.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21351, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67133", "description": "An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "heromotocorp", "product": "vida_v1_pro_firmware", "cpe": "cpe:2.3:o:heromotocorp:vida_v1_pro_firmware:2.0.7:*:*:*:*:*:*:*"}], "references": [{"url": 
"https://threadpoolx.gitbook.io/docs/cve/cve-2025-67133-denial-of-service-via-unauthenticated-ble-connection", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vidaworld.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-01-09T16:16:07.037", "last_modified": "2026-04-14T15:16:24.943", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06164, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0889", "description": "Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999084", "source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.437", "last_modified": "2026-04-13T15:17:18.280", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06084, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": 
[], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67246", "description": "A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass Kernel Address Space Layout Randomization (KASLR) and achieve local privilege escalation.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-269", "CWE-732"], "affected_products": [{"vendor": "ludashi", "product": "ludashi_driver", "cpe": "cpe:2.3:a:ludashi:ludashi_driver:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://ludashi.com", "source": "cve@mitre.org", "tags": ["Product"]}, {"url": "https://github.com/CDipper/CVE-2025-67246", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/CDipper/CVE-Publication", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-01-15T16:16:12.450", "last_modified": "2026-04-14T15:16:25.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04034, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": 
"Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1837", "description": "A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.\n\nThis can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-805", "CWE-770"], "affected_products": [{"vendor": "libjxl_project", "product": "libjxl", "cpe": "cpe:2.3:a:libjxl_project:libjxl:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/libjxl/libjxl/issues/4549", "source": "cve-coordination@google.com", "tags": ["Exploit", "Issue Tracking", "Patch"]}, {"url": "https://github.com/libjxl/libjxl/issues/4549", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Patch"]}], "published": "2026-02-11T16:16:04.697", "last_modified": "2026-04-14T00:51:40.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08411, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2783", "description": "Information disclosure due to JIT miscompilation in the JavaScript 
Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-843", "CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010943", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:26.747", "last_modified": "2026-04-13T15:17:26.120", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11987, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2794", "description": "Information 
disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 148.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-908", "CWE-908"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008365", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:27.897", "last_modified": "2026-04-13T15:17:28.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11403, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2801", "description": "Incorrect boundary conditions in the JavaScript: WebAssembly component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009901", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.610", "last_modified": "2026-04-13T15:17:31.090", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00057, "epss_percentile": 0.17765, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2803", "description": "Information disclosure, mitigation bypass in the Settings UI component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200", "CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012012", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.810", "last_modified": "2026-04-13T15:17:31.500", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00057, "epss_percentile": 0.17785, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27896", "description": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. 
This had the potential for bypassing intermediary inspection and cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-178", "CWE-436"], "affected_products": [{"vendor": "lfprojects", "product": "mcp_go_sdk", "cpe": "cpe:2.3:a:lfprojects:mcp_go_sdk:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-02-26T01:16:25.630", "last_modified": "2026-04-14T00:40:00.510", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29059", "description": "Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint \"(/api/w/{workspace}/jobs_u/get_log_file/{filename})\". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. 
This issue has been patched in version 1.603.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "windmill", "product": "windmill", "cpe": "cpe:2.3:a:windmill:windmill:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/windmill-labs/windmill/releases/tag/v1.603.3", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/windmill-labs/windmill/security/advisories/GHSA-24fr-44f8-fqwg", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/Chocapikk/Windfall", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Product"]}], "published": "2026-03-06T08:16:26.437", "last_modified": "2026-04-14T17:48:25.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00178, "epss_percentile": 0.39364, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29087", "description": "@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can allow protected static resources to be accessed without authorization. In particular, paths containing encoded slashes (%2F) may be evaluated differently by routing/middleware matching versus static file path resolution, enabling a bypass where middleware does not run but the static file is still served. 
This issue has been patched in version 1.19.10.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-863"], "affected_products": [{"vendor": "hono", "product": "node-server", "cpe": "cpe:2.3:a:hono:node-server:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/honojs/node-server/commit/455015be1697dd89974a68b70350ea7b2d126d2e", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/honojs/node-server/security/advisories/GHSA-wc8c-qw6v-h7f6", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-06T18:16:19.757", "last_modified": "2026-04-14T17:36:58.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03586, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25667", "description": "ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "microsoft", "product": ".net", "cpe": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": ".net", "cpe": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/IsaJafarov/Kestrel-DoS", "source": "cve@mitre.org", "tags": 
["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/dotnet/aspnetcore/commit/96ccc40a0e095424b19506e8268b9b1a3e23d6a7#diff-667d5b3693f93a0f706ab211428998b210862f9b885d917104d2013118312626", "source": "cve@mitre.org", "tags": ["Patch"]}], "published": "2026-03-19T19:16:19.880", "last_modified": "2026-04-14T20:47:28.817", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00141, "epss_percentile": 0.34309, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55988", "description": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "dreamfactory", "product": "dreamfactory_core", "cpe": "cpe:2.3:a:dreamfactory:dreamfactory_core:1.0.3:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}], "published": "2026-03-20T21:17:12.300", "last_modified": "2026-04-14T19:27:15.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00106, "epss_percentile": 0.2869, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": 
"File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33151", "description": "Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-754"], "affected_products": [{"vendor": "socket", "product": "socket.io-parser", "cpe": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*"}, {"vendor": "socket", "product": "socket.io-parser", "cpe": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*"}, {"vendor": "socket", "product": "socket.io-parser", "cpe": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-03-20T21:17:15.573", "last_modified": "2026-04-14T18:22:20.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.001, "epss_percentile": 0.27709, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33154", "description": "dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. This issue has been patched in version 3.2.13.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-1336", "CWE-78"], "affected_products": [{"vendor": "dynaconf", "product": "dynaconf", "cpe": "cpe:2.3:a:dynaconf:dynaconf:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/dynaconf/dynaconf/releases/tag/3.2.13", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/dynaconf/dynaconf/security/advisories/GHSA-pxrr-hq57-q35p", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T21:17:15.740", "last_modified": "2026-04-14T18:23:14.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15368, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", 
"ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33155", "description": "DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400", "CWE-770"], "affected_products": [{"vendor": "qluster", "product": "deepdiff", "cpe": "cpe:2.3:a:qluster:deepdiff:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/qlustered/deepdiff/security/advisories/GHSA-54jj-px8x-5w5q", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T21:17:15.910", "last_modified": "2026-04-14T18:24:04.770", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17308, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32887", "description": "Effect is a TypeScript framework that consists of several packages that work 
together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.toWebHandlerRuntime`) inside a Next.js App Router route handler, any Node.js `AsyncLocalStorage`-dependent API called from within an Effect fiber can read another concurrent request's context — or no context at all. Under production traffic, `auth()` from `@clerk/nextjs/server` returns a different user's session. Version 3.20.0 contains a fix for the issue.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [{"vendor": "effectful", "product": "effect", "cpe": "cpe:2.3:a:effectful:effect:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/Effect-TS/effect/security/advisories/GHSA-38f7-945m-qr2g", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T22:16:27.980", "last_modified": "2026-04-14T18:41:28.923", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01332, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4684", "description": "Race condition, use-after-free in the Graphics: WebRender component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.210", "last_modified": "2026-04-13T15:17:36.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02812, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4685", "description": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.323", "last_modified": "2026-04-13T15:17:36.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 
0}}, {"cve_id": "CVE-2026-4686", "description": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:04.440", "last_modified": "2026-04-13T15:17:36.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4693", 
"description": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.143", "last_modified": "2026-04-13T15:17:38.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4694", "description": "Incorrect 
boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190", "CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:05.247", "last_modified": "2026-04-13T15:17:38.437", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05377, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4695", "description": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.473", "last_modified": "2026-04-13T15:17:38.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05088, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4697", "description": "Incorrect boundary conditions in the Audio/Video: 
Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.687", "last_modified": "2026-04-13T15:17:38.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05088, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4699", "description": "Incorrect boundary conditions in the Layout: Text and Fonts component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:05.900", "last_modified": "2026-04-13T15:17:39.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4704", "description": "Denial-of-service in the WebRTC: Signaling component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.303", "last_modified": "2026-04-13T15:17:40.207", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05088, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4706", "description": "Incorrect boundary conditions in the Graphics: Canvas2D component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.503", "last_modified": "2026-04-13T15:17:40.580", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4707", "description": "Incorrect boundary conditions in the Graphics: Canvas2D component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.603", "last_modified": "2026-04-13T15:17:40.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4708", "description": "Incorrect boundary conditions in the Graphics component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.707", "last_modified": "2026-04-13T15:17:41.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4709", "description": "Incorrect boundary conditions in the Audio/Video: GMP component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:06.810", "last_modified": "2026-04-13T15:17:41.983", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06264, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4712", 
"description": "Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017666", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.107", "last_modified": "2026-04-13T15:17:42.547", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03439, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4713", "description": "Incorrect boundary conditions in the Graphics component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.217", "last_modified": "2026-04-13T15:17:42.720", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4714", "description": "Incorrect boundary conditions in the Audio/Video component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.313", "last_modified": "2026-04-13T15:17:42.893", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4719", "description": "Incorrect boundary conditions in the Graphics: Text component. 
This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754", "CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-24T13:16:07.793", "last_modified": "2026-04-13T15:17:43.833", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4726", "description": "Denial-of-service in the XML component. 
This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955311", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:08.473", "last_modified": "2026-04-13T15:17:45.073", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03962, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4727", "description": "Denial-of-service in the Libraries component in NSS. 
This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008112", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:08.570", "last_modified": "2026-04-13T15:17:45.243", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03962, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4371", "description": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. 
This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-126"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T21:16:29.583", "last_modified": "2026-04-13T15:17:36.130", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17476, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1519", "description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. 
Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-606"], "affected_products": [], "references": [{"url": "https://downloads.isc.org/isc/bind9/9.18.47", "source": "security-officer@isc.org", "tags": []}, {"url": "https://downloads.isc.org/isc/bind9/9.20.21", "source": "security-officer@isc.org", "tags": []}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "source": "security-officer@isc.org", "tags": []}, {"url": "https://kb.isc.org/docs/cve-2026-1519", "source": "security-officer@isc.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-03-25T14:16:33.110", "last_modified": "2026-04-13T10:16:11.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00092, "epss_percentile": 0.2579, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27664", "description": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. 
This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-246443.html", "source": "productcert@siemens.com", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2026/Apr/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-03-26T15:16:34.340", "last_modified": "2026-04-14T19:16:34.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33895", "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. 
Version 1.4.0 patches the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-347"], "affected_products": [{"vendor": "digitalbazaar", "product": "forge", "cpe": "cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"]}], "published": "2026-03-27T21:17:26.157", "last_modified": "2026-04-14T01:14:42.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07827, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33896", "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. 
Version 1.4.0 patches the issue.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-295"], "affected_products": [{"vendor": "digitalbazaar", "product": "forge", "cpe": "cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}, {"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-03-27T21:17:26.320", "last_modified": "2026-04-14T01:13:21.133", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05991, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5201", "description": "A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. 
Successful exploitation leads to application crashes and denial of service (DoS) conditions.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-5201", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453291", "source": "secalert@redhat.com", "tags": []}, {"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304", "source": "secalert@redhat.com", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-03-31T09:16:23.440", "last_modified": "2026-04-14T12:16:21.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0013, "epss_percentile": 0.32398, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4399", "description": "Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. 
This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-77"], "affected_products": [{"vendor": "1millionbot", "product": "millie_chatbot", "cpe": "cpe:2.3:a:1millionbot:millie_chatbot:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-1millionbot-millie-chatbot", "source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"]}], "published": "2026-03-31T11:16:14.103", "last_modified": "2026-04-13T13:14:31.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.1677, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34593", "description": "Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for any user-supplied binary string that starts with \"Elixir.\", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has a hard default limit of approximately 1,048,576 entries, an attacker who can submit values to any resource attribute or argument of type :module can exhaust this table and crash the entire BEAM VM, taking down the application. 
This issue has been patched in version 3.22.0.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400", "CWE-770"], "affected_products": [{"vendor": "ash-hq", "product": "ash_framework", "cpe": "cpe:2.3:a:ash-hq:ash_framework:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ash-project/ash/releases/tag/v3.22.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/ash-project/ash/security/advisories/GHSA-jjf9-w5vj-r6vp", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}, {"url": "https://github.com/ash-project/ash/security/advisories/GHSA-jjf9-w5vj-r6vp", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-04-02T18:16:31.360", "last_modified": "2026-04-13T18:37:04.500", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28815", "description": "A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. 
This issue is fixed in swift-crypto version 4.3.1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "apple", "product": "swift-crypto", "cpe": "cpe:2.3:a:apple:swift-crypto:*:*:*:*:*:swift:*:*"}], "references": [{"url": "https://github.com/apple/swift-crypto/security/advisories/GHSA-9m44-rr2w-ppp7", "source": "product-security@apple.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T03:16:18.093", "last_modified": "2026-04-13T17:50:58.550", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.1512, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22663", "description": "prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. 
Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "fka", "product": "prompts.chat", "cpe": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/f/prompts.chat/commit/7b81836b214f2796aaf37ded2944eadc978afd35", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1104", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-authorization-bypass-information-disclosure", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-03T21:17:09.337", "last_modified": "2026-04-13T18:15:02.253", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11444, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35560", "description": "Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. 
This only applies to connections with external identity providers and does not apply to connections with Athena.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-295"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}], "published": "2026-04-03T21:17:12.073", "last_modified": "2026-04-14T16:14:15.240", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10057, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential 
Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35561", "description": "Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}], "published": 
"2026-04-03T21:17:12.250", "last_modified": "2026-04-14T16:14:29.093", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23193, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35562", "description": "Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch"]}, {"url": 
"https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch"]}], "published": "2026-04-03T21:17:12.427", "last_modified": "2026-04-14T16:14:38.693", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00111, "epss_percentile": 0.29496, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33184", "description": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors limit = 0 and returns zero contacts, which makes the session look benign. Later, after the same session reaches Established, the periodic update path computes self.peer_list_limit.unwrap() as usize - 1. With limit = 0, that wraps to usize::MAX and then in rand 0.9.2, choose_multiple() immediately attempts Vec::with_capacity(amount), which deterministically panics with capacity overflow. 
This issue has been patched in version 1.3.0.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-191"], "affected_products": [{"vendor": "nimiq", "product": "core-rs-albatross", "cpe": "cpe:2.3:a:nimiq:core-rs-albatross:*:*:*:*:*:rust:*:*"}], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/commit/8f60a2d75b74b55764ecf34bd4435f4961630595", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3664", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-5rm9-893q-vmhm", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-03T23:17:03.600", "last_modified": "2026-04-13T17:47:29.367", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.17956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34607", "description": "Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. 
An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "emlog", "product": "emlog", "cpe": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*"}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:04.423", "last_modified": "2026-04-13T17:37:26.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.004, "epss_percentile": 0.60716, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34824", "description": "Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. 
This leads to thread exhaustion and Out of Memory (OOM) errors, causing a complete Denial of Service (DoS) for any application built on the framework. This issue has been patched in version 1.2.5.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-770"], "affected_products": [{"vendor": "mesop-dev", "product": "mesop", "cpe": "cpe:2.3:a:mesop-dev:mesop:*:*:*:*:*:python:*:*"}], "references": [{"url": "https://github.com/mesop-dev/mesop/commit/760a2079b5c609038c826d24dfbcf9b0be98d987", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/mesop-dev/mesop/releases/tag/v1.2.5", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-3jr7-6hqp-x679", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-3jr7-6hqp-x679", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.213", "last_modified": "2026-04-13T17:28:47.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.14911, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34148", "description": "Fedify is a TypeScript library for building federated server apps powered by ActivityPub. 
Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to make repeated outbound requests from a single inbound request, leading to resource consumption and denial of service. This vulnerability is fixed in 1.9.6, 1.10.5, 2.0.8, and 2.1.1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400", "CWE-770"], "affected_products": [{"vendor": "fedify", "product": "fedify", "cpe": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*"}, {"vendor": "fedify", "product": "fedify", "cpe": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*"}, {"vendor": "fedify", "product": "fedify", "cpe": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*"}, {"vendor": "fedify", "product": "fedify", "cpe": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*"}, {"vendor": "fedify", "product": "vocab-runtime", "cpe": "cpe:2.3:a:fedify:vocab-runtime:*:*:*:*:*:*:*:*"}, {"vendor": "fedify", "product": "vocab-runtime", "cpe": "cpe:2.3:a:fedify:vocab-runtime:2.1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/fedify-dev/fedify/releases/tag/1.10.5", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/fedify-dev/fedify/releases/tag/1.9.6", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/fedify-dev/fedify/releases/tag/2.0.8", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/fedify-dev/fedify/releases/tag/2.1.1", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/fedify-dev/fedify/security/advisories/GHSA-gm9m-gwc4-hwgp", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor 
Advisory"]}, {"url": "https://github.com/fedify-dev/fedify/security/advisories/GHSA-gm9m-gwc4-hwgp", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-06T16:16:34.387", "last_modified": "2026-04-14T01:58:27.517", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.18081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35036", "description": "Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body into memory (io.ReadAll). There is no host allowlist, no SSRF filter, and InsecureSkipVerify: true on the outbound client. Anyone who can reach the instance can force the Ech0 server to open HTTP/HTTPS URLs of their choice as seen from the server’s network position (Docker bridge, VPC, localhost from the process view). 
This vulnerability is fixed in 4.2.8.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [{"vendor": "ech0", "product": "ech0", "cpe": "cpe:2.3:a:ech0:ech0:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/lin-snow/Ech0/security/advisories/GHSA-wc4h-2348-jc3p", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/lin-snow/Ech0/security/advisories/GHSA-wc4h-2348-jc3p", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T17:17:12.940", "last_modified": "2026-04-14T19:58:33.303", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-39666", "description": "Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-426", "CWE-829"], "affected_products": [{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": 
"checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p46:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p47:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*"}, 
{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", 
"cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p38:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p39:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.3.0:p40:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p41:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p42:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p43:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p44:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p45:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*"}, 
{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", 
"cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*"}], "references": [{"url": "https://checkmk.com/werk/18891", "source": "security@checkmk.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T13:16:44.847", "last_modified": "2026-04-14T15:39:05.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04132, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33034", "description": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nASGI requests with a missing or understated `Content-Length` header could\r\nbypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading\r\n`HttpRequest.body`, allowing remote attackers to load an unbounded request body into\r\nmemory.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Superior for reporting this issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770"], "affected_products": [{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, 
{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Release Notes"]}, {"url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-04-07T15:17:39.393", "last_modified": "2026-04-13T17:38:35.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09146, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3902", "description": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-290"], "affected_products": [{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", 
"cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Release Notes"]}, {"url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-04-07T15:17:46.353", "last_modified": "2026-04-13T17:38:05.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14498, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35489", "description": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create(). Invalid amount values (non-numeric strings) cause an unhandled exception and HTTP 500. A unit ID from a different Space can be associated cross-space, leaking foreign-key references across tenant boundaries. All other endpoints creating ShoppingListEntry use ShoppingListEntrySerializer, which validates and sanitizes these fields. 
This vulnerability is fixed in 2.6.4.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-639", "CWE-1284"], "affected_products": [{"vendor": "tandoor", "product": "recipes", "cpe": "cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/TandoorRecipes/recipes/releases/tag/2.6.4", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-8w8h-3pv2-3554", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-8w8h-3pv2-3554", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-07T16:16:27.160", "last_modified": "2026-04-14T20:13:00.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19401, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39312", "description": "SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). 
An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-789"], "affected_products": [{"vendor": "softether", "product": "softethervpn", "cpe": "cpe:2.3:a:softether:softethervpn:*:*:*:*:developer:*:*:*"}], "references": [{"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-07T17:16:36.920", "last_modified": "2026-04-14T20:08:38.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00113, "epss_percentile": 0.29792, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39376", "description": "FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a <meta http-equiv=\"refresh\"> tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh responses causes unbounded recursion, exhausting the Python call stack and crashing the process. 
This vulnerability can also be chained with the companion SSRF issue to reach internal network targets after bypassing the initial URL check. This vulnerability is fixed in 0.5.10.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-674"], "affected_products": [{"vendor": "kagi", "product": "fastfeedparser", "cpe": "cpe:2.3:a:kagi:fastfeedparser:*:*:*:*:*:python:*:*"}], "references": [{"url": "https://github.com/kagisearch/fastfeedparser/security/advisories/GHSA-4gx2-pc4f-wq37", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/kagisearch/fastfeedparser/security/advisories/GHSA-4gx2-pc4f-wq37", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-07T20:16:32.450", "last_modified": "2026-04-14T20:12:28.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29181", "description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit. 
This vulnerability is fixed in 1.41.0.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770"], "affected_products": [{"vendor": "opentelemetry", "product": "opentelemetry", "cpe": "cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*"}], "references": [{"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-mh2q-q3fh-2475", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-07T21:17:16.003", "last_modified": "2026-04-14T18:45:01.363", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32281", "description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. 
This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/758061", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78281", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4946", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.350", "last_modified": "2026-04-13T19:16:39.607", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05491, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32283", "description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. 
This only affects TLS 1.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763767", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78334", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4870", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.580", "last_modified": "2026-04-13T19:16:40.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05578, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33810", "description": "When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. 
This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763763", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78332", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4866", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.950", "last_modified": "2026-04-13T19:16:42.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01204, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4338", "description": "The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": [], "affected_products": [{"vendor": "automattic", "product": "activitypub", "cpe": "cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*"}], "references": [{"url": "https://wpscan.com/vulnerability/50f68395-72fc-4f99-8e6d-6aa90cc640b5/", "source": "contact@wpscan.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T07:16:22.400", "last_modified": "2026-04-14T16:23:09.433", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00057, "epss_percentile": 0.17761, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39538", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mikado-core/vulnerability/wordpress-mikado-core-plugin-1-6-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:26.490", "last_modified": "2026-04-14T15:16:34.963", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21488, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39544", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Theme/labtechco/vulnerability/wordpress-labtechco-theme-8-3-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:27.070", "last_modified": "2026-04-14T19:16:38.783", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21488, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39677", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through <= 3.9.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/emphires/vulnerability/wordpress-emphires-theme-3-9-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:39.360", "last_modified": "2026-04-13T20:16:40.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00127, "epss_percentile": 0.32078, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39679", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 
vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion. This issue affects Freeio: from n/a through <= 1.3.21.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/freeio/vulnerability/wordpress-freeio-theme-1-3-21-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:39.617", "last_modified": "2026-04-13T20:16:40.640", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00127, "epss_percentile": 0.32078, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39681", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion. This issue affects Homeo: from n/a through <= 1.2.59.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/homeo/vulnerability/wordpress-homeo-theme-1-2-59-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:39.870", "last_modified": "2026-04-13T20:16:40.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00127, "epss_percentile": 0.32078, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, 
"ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30075", "description": "OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-120"], "affected_products": [{"vendor": "openairinterface", "product": "oai-cn5g-amf", "cpe": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues/6", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues?show=eyJpaWQiOiI2IiwiZnVsbF9wYXRoIjoib2FpL2NuNWcvb2FpLWNuNWctYXVzZiIsImlkIjo1NDE5fQ%3D%3D", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues?show=eyJpaWQiOiI2IiwiZnVsbF9wYXRoIjoib2FpL2NuNWcvb2FpLWNuNWctYXVzZiIsImlkIjo1NDE5fQ%3D%3D", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}], "published": "2026-04-08T17:21:18.503", "last_modified": "2026-04-14T15:47:23.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00089, "epss_percentile": 0.25222, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client 
Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30080", "description": "OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. The configuration lists NIA1 and NIA2 as supported integrity algorithms, but if a UE sends an initial registration request with only security capability IA0, OpenAirInterface accepts it and proceeds. This downgraded security context can lead to the possibility of a replay attack.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-294"], "affected_products": [{"vendor": "openairinterface", "product": "oai-cn5g-amf", "cpe": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}], "published": "2026-04-08T17:21:18.623", "last_modified": "2026-04-14T15:47:10.330", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-52222", "description": "D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain 
a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-120"], "affected_products": [{"vendor": "dlink", "product": "di-8100_firmware", "cpe": "cpe:2.3:o:dlink:di-8100_firmware:16.07.26a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8100g_firmware", "cpe": "cpe:2.3:o:dlink:di-8100g_firmware:17.12.20a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8004w_firmware", "cpe": "cpe:2.3:o:dlink:di-8004w_firmware:16.07.26a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8003g_firmware", "cpe": "cpe:2.3:o:dlink:di-8003g_firmware:17.12.21a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8003_firmware", "cpe": "cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8500_firmware", "cpe": "cpe:2.3:o:dlink:di-8500_firmware:16.07.26a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8200g_firmware", "cpe": "cpe:2.3:o:dlink:di-8200g_firmware:17.12.20a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8200_firmware", "cpe": "cpe:2.3:o:dlink:di-8200_firmware:16.07.26a1:*:*:*:*:*:*:*"}, {"vendor": "dlink", "product": "di-8400_firmware", "cpe": "cpe:2.3:o:dlink:di-8400_firmware:16.07.26a1:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.dlink.com/en/security-bulletin/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T18:24:51.373", "last_modified": "2026-04-14T15:45:21.273", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15808, "social_posts": 0, "social_repos": 
0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35455", "description": "immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR overlay enabled. The attacker uploads an equirectangular image containing crafted text; OCR extracts it, and the panorama viewer renders it via innerHTML without sanitization. This enables session hijacking (via persistent API key creation), private photo exfiltration, and access to GPS location history and face biometric data. 
This vulnerability is fixed in 2.7.0.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/immich-app/immich/security/advisories/GHSA-9qx4-67jm-cc66", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-08T19:25:24.357", "last_modified": "2026-04-13T16:16:28.763", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05442, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40027", "description": "ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.py artifact parser that uses attacker-controlled file_name_from values from a database directly as the output filename, allowing arbitrary file writes outside the report output directory. 
An attacker can embed a path traversal payload such as ../../../outside_written.bin in the database to write files to arbitrary locations, potentially achieving code execution by overwriting executable files or configuration.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/abrignoni/ALEAPP/commit/0cafd8fe0027663420eb3d0fa821b2d1a713880d", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/abrignoni/aleapp/pull/669", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/aleapp-nq-vault-artifact-parser-path-traversal", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:22.957", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01353, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40036", "description": "Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. 
Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-409", "CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/obsidianforensics/unfurl/releases/tag/v2026.04", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-h5qv-qjv4-pc5m", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/dfir-unfurl-denial-of-service-via-unbounded-zlib-decompression", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:24.190", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00131, "epss_percentile": 0.32533, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-12664", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1284"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": 
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/579376", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3377091", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:56.200", "last_modified": "2026-04-14T17:04:59.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07126, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1092", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1284"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": 
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3487030", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:57.510", "last_modified": "2026-04-14T17:38:07.330", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04997, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5813", "description": "A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/20", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787686", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356261", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356261/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T23:17:00.833", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11768, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5814", "description": "A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/21", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787698", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356262", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356262/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T00:16:19.827", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11768, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5824", "description": "A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788302", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356271", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356271/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T00:16:21.280", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11768, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5827", "description": "A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/8", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788336", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356274", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356274/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T01:16:50.380", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5828", "description": "A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. 
The exploit has been made public and could be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/7", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788337", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356275", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356275/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T02:16:17.533", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5829", "description": "A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/6", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788338", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356276", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356276/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T02:16:17.727", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5832", "description": "A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/BruceJqs/public_exp/issues/6", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/atototo/api-lab-mcp/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/atototo/api-lab-mcp/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789765", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356288", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356288/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T02:16:18.327", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13689, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5837", "description": "A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. 
The exploit has been made public and could be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/25", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789775", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356293", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356293/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T04:17:23.597", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5841", "description": "A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/MrXiaoFan/TendaVul/tree/main/tenda-i3-V1.0.0.6(2204)-R7WebsSecurityHandler-Authentication%20Bypass%20Issues", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789935", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356297", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356297/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:06.187", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.24469, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5842", "description": "A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. 
It is suggested to upgrade the affected component.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-285", "CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/decolua/9router/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/decolua/9router/issues/431", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/decolua/9router/issues/431#issuecomment-4140163867", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/decolua/9router/releases/tag/v0.3.75", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/deepcat1337/Free_Api_Exploit/tree/main", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/790003", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356298", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356298/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:06.380", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13349, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5844", "description": "A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. 
This vulnerability only affects products that are no longer supported by the maintainer.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://files.catbox.moe/ei31k1.zip", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/790290", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356329", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356329/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:06.653", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00189, "epss_percentile": 0.40741, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5849", "description": "A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/i12/vul_110/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791217", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356375", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356375/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T06:16:23.393", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.24469, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62188", "description": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.\n\nThis vulnerability may allow unauthorized actors to access sensitive information, including database credentials.\n\nThis issue affects Apache DolphinScheduler versions 3.1.*.\n\nUsers are recommended to upgrade to:\n\n  * version ≥ 3.2.0 if using 3.1.x\n\nAs a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:\n\n```\nMANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus\n```\n\nAlternatively, add the following configuration to the 
application.yaml file:\n\n\n```\nmanagement:\n   endpoints:\n     web:\n        exposure:\n          include: health,metrics,prometheus\n```\n\nThis issue has been reported as CVE-2023-48796:\n\n https://cveprocess.apache.org/cve5/CVE-2023-48796", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo", "source": "security@apache.org", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2023-48796", "source": "security@apache.org", "tags": []}], "published": "2026-04-09T10:16:20.260", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01089, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-1490", "description": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. 
If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "https://certvde.com/de/advisories/VDE-2024-008", "source": "info@cert.vde.com", "tags": []}, {"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json", "source": "info@cert.vde.com", "tags": []}], "published": "2026-04-09T11:16:19.657", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4660", "description": "HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. 
This vulnerability does not affect the go-getter/v2 branch and package.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2026-04-go-getter-may-allow-to-arbitrary-filesystem-reads-through-git-operations/77311", "source": "security@hashicorp.com", "tags": []}], "published": "2026-04-09T14:16:32.993", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4113", "description": "An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-204"], "affected_products": [], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "source": "PSIRT@sonicwall.com", "tags": []}], "published": "2026-04-09T15:16:13.683", "last_modified": "2026-04-13T19:16:52.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21266, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-4116", "description": "Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-176"], "affected_products": [], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "source": "PSIRT@sonicwall.com", "tags": []}], "published": "2026-04-09T15:16:14.010", "last_modified": "2026-04-13T19:16:52.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00116, "epss_percentile": 0.30182, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5437", "description": "An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. 
Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": []}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": []}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": []}], "published": "2026-04-09T15:16:15.093", "last_modified": "2026-04-14T17:16:52.950", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02622, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5438", "description": "A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. 
A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": []}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": []}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": []}], "published": "2026-04-09T15:16:15.327", "last_modified": "2026-04-14T17:16:53.113", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5439", "description": "A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. 
An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": []}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": []}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": []}], "published": "2026-04-09T15:16:15.443", "last_modified": "2026-04-14T17:16:53.270", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5440", "description": "A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker-supplied header value without enforcing an upper limit. 
A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.337", "last_modified": "2026-04-14T20:26:57.417", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06095, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33266", "description": "Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.\n\nThe remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. 
In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.\n\n\nThis issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-321"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T16:16:26.960", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04608, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34020", "description": "Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. 
Please check the references regarding possible impact.\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-598"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db", "source": "security@apache.org", "tags": []}, {"url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T16:16:27.090", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08181, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40046", "description": "Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.\n\nThe fix for \"CVE-2025-66168: MQTT control packet remaining length field is not properly validated\" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.\n\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.\n\nUsers are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.", "cvss_score": 7.5, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/zdntj5rcgjjzrpow84o339lzldy68zrg", "source": "security@apache.org", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-66168", "source": "security@apache.org", "tags": []}], "published": "2026-04-09T17:16:31.650", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11187, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5961", "description": "A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument post_id leads to sql injection. The attack may be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/sifute123/cve/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/790149", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356514", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356514/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T17:16:33.957", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5962", "description": "A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. 
The exploit is now public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791277", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356515", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356515/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T17:16:35.037", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00062, "epss_percentile": 0.19292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1584", "description": "A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. 
This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-476"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1584", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435258", "source": "secalert@redhat.com", "tags": []}], "published": "2026-04-09T18:16:44.047", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00081, "epss_percentile": 0.23919, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40069", "description": "BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. 
This vulnerability is fixed in 0.8.2.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/issues/305", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/pull/306", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/releases/tag/v0.8.2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhx", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:03.043", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08763, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5970", "description": "A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. 
The project was informed of the problem early through a pull request but has not reacted yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1942", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1988", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791693", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356524", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356524/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T18:17:04.497", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16159, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5971", "description": "A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. 
The project was informed of the problem early through a pull request but has not reacted yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-94", "CWE-95"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1928", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1956", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791734", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356525", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356525/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T18:17:04.723", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16159, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35186", "description": "Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid internal representation of Winch's compiler state compounds into further issues depending on how the value is consumed. 
The primary consequence of this bug is that bytes in the host's address space can be stored/read from. This is only applicable to the 16 bytes before linear memory, however, as the only significant return value of table.grow that can be misinterpreted is -1. The bytes before linear memory are, by default, unmapped memory. Wasmtime will detect this fault and abort the process, however, because wasm should not be able to access these bytes. Overall, this bug in Winch represents a DoS vector by crashing the host process, a correctness issue within Winch, and a possible leak of up to 16-bytes before linear memory. Wasmtime's default compiler is Cranelift, not Winch, and Wasmtime's default settings are to place guard pages before linear memory. This means that Wasmtime's default configuration is not affected by this issue, and when explicitly choosing Winch Wasmtime's otherwise default configuration leads to a DoS. Disabling guard pages before linear memory is required to possibly leak up to 16-bytes of host data. 
This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-789"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-f984-pcp8-v2p7", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:25.343", "last_modified": "2026-04-13T21:16:26.100", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11889, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24880", "description": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-444"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "source": "security@apache.org", "tags": ["Mailing List", "Vendor 
Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/20", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.060", "last_modified": "2026-04-14T20:02:48.987", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08075, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29129", "description": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-327"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/22", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.343", "last_modified": "2026-04-14T14:00:19.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, 
"epss_percentile": 0.05716, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29146", "description": "Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-209", "CWE-642"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/24", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.577", "last_modified": "2026-04-14T12:56:21.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 
0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34483", "description": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-116"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/26", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.937", "last_modified": "2026-04-14T12:46:39.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-34486", "description": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-311"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.116:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:10.1.53:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.20:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}], "published": "2026-04-09T20:16:25.063", "last_modified": "2026-04-14T12:45:40.433", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01775, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34487", "description": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.", "cvss_score": 7.5, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-532"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/28", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:25.203", "last_modified": "2026-04-14T12:44:45.573", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5972", "description": "A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is d04ffc8dc67903e8b327f78ec121df5e190ffc7b. 
Applying a patch is the recommended action to fix this issue.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1929", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/paipeline/MetaGPT/commit/d04ffc8dc67903e8b327f78ec121df5e190ffc7b", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791745", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356526", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356526/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T20:16:28.943", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01054, "epss_percentile": 0.77583, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5973", "description": "A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. 
The project was informed of the problem early through a pull request but has not reacted yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1930", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1983", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791755", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356527", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356527/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T20:16:29.143", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01054, "epss_percentile": 0.77583, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5974", "description": "A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. 
The project was informed of the problem early through a pull request but has not reacted yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1931", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1940", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791758", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356528", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356528/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T20:16:29.347", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01054, "epss_percentile": 0.77583, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.3, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21916", "description": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific 'file link ...' 
CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-61"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107807", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:24.953", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01621, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33771", "description": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". 
Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-521"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107864", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:25.430", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33778", "description": "An Improper Validation of Syntactic Correctness of Input vulnerability in the  IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).\n\nIf an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) from being established. 
Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.\n\nThis issue affects Junos OS on \n\nSRX Series and MX Series:\n\n\n\n  *  all versions before 22.4R3-S9,\n  *  23.2 version before 23.2R2-S6,\n  *  23.4 version before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R1-S2, 25.2R2.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-1286"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107868", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:26.500", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18435, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33790", "description": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. 
Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.\n\nDuring NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.\n\nThis issue cannot be triggered using IPv4 nor other IPv6 traffic.\n\n\n\nThis issue affects Junos OS on SRX Series:\n  *  all versions before 21.2R3-S10,\n  *  all versions of 21.3,\n  *  from 21.4 before 21.4R3-S12,\n  *  all versions of 22.1,\n  *  from 22.2 before 22.2R3-S8,\n  *  all versions of 22.4,\n  *  from 22.4 before 22.4R3-S9,\n  *  from 23.2 before 23.2R2-S6,\n  *  from 23.4 before 23.4R2-S7,\n  *  from 24.2 before 24.2R2-S3,\n  *  from 24.4 before 24.4R2-S3,\n  *  from 25.2 before 25.2R1-S2, 25.2R2.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107874", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:28.803", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.1194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33797", "description": "An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).\n\nAn attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos 
OS:\n\n  *  25.2 versions before 25.2R2\n\n\nThis issue does not affect Junos OS versions before 25.2R1.\n\nThis issue affects Junos OS Evolved: \n  *  25.2-EVO versions before 25.2R2-EVO\n\n\nThis issue does not affect Junos OS Evolved versions before 25.2R1-EVO.\n\neBGP and iBGP are affected.\nIPv4 and IPv6 are affected.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107850", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:29.547", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05889, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35629", "description": "OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. 
Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:31.603", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09636, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35637", "description": "OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. 
Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-696"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:32.933", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12573, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40114", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. 
An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services. This vulnerability is fixed in 4.5.128.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8frj-8q3m-xhgm", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:35.000", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07357, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40116", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:35.297", "last_modified": "2026-04-14T15:16:37.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10323, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40153", "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This allows exfiltration of secrets stored in environment variables (database credentials, API keys, cloud access keys). The approval system displays the unexpanded $VAR references to human reviewers, creating a deceptive approval where the displayed command differs from what actually executes. 
This vulnerability is fixed in 1.5.128.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-526"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-v8g7-9q6v-p3x8", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-v8g7-9q6v-p3x8", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:36.350", "last_modified": "2026-04-13T16:16:32.017", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5985", "description": "A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results in sql injection. The attack may be performed from remote. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/2581565901/thebugihadfind/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791897", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356539", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356539/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T23:17:01.710", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3360", "description": "The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The function accepts an attacker-controlled `order_id` parameter and uses it to look up order data, then writes billing fields to the order owner's profile (`$order_data->user_id`) without verifying the requester's identity or ownership. 
Because the Tutor nonce (`_tutor_nonce`) is exposed on public frontend pages, this makes it possible for unauthenticated attackers to overwrite the billing profile (name, email, phone, address) of any user who has an incomplete manual order, by sending a crafted POST request with a guessed or enumerated `order_id`.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Tutor.php#L563", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/ecommerce/CheckoutController.php#L1059", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/ecommerce/CheckoutController.php#L108", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/ecommerce/CheckoutController.php#L1059", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3496394/tutor/trunk/ecommerce/CheckoutController.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f365519-dd0a-4f39-880d-7216ce2f7d1e?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.073", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.27911, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-6004", "description": "A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zulu225588/zulu-loudong/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794333", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356560", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356560/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T03:16:04.700", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6024", "description": "A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791826", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356600", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356600/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.tenda.com.cn/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T06:16:06.993", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00062, "epss_percentile": 0.19292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22750", "description": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Central https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . 
Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-15"], "affected_products": [], "references": [{"url": "https://spring.io/security/cve-2026-22750", "source": "security@vmware.com", "tags": []}], "published": "2026-04-10T08:16:24.787", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09851, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6031", "description": "A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/GeekShuo/None/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795486", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356607", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356607/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T08:16:26.253", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6036", "description": "A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. 
The exploit has been made public and could be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/TAnNbR/CVE/issues/3", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796201", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356617", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356617/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T09:16:24.787", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6037", "description": "A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/TAnNbR/CVE/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796232", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356618", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356618/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T09:16:25.000", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6038", "description": "A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. 
The exploit is publicly available and might be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/mrpgi/cve/issues/3", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796281", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356619", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356619/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T09:16:25.220", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39304", "description": "Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ.\n\nActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes the broker to exhaust all its memory in the SSL engine leading to DoS.\n\nNote: TLS versions before TLSv1.3 (such as TLSv1.2) are broken but are not vulnerable to OOM. Previous TLS versions require a full handshake renegotiation which causes a connection to hang but not OOM. 
This is fixed as well.\nThis issue affects Apache ActiveMQ Client: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.4.\n\nUsers are recommended to upgrade to version 6.2.4 or 5.19.5, which fixes the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [], "references": [{"url": "https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/17", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T11:16:23.143", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.1194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5804", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-98"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/case-theme-user/vulnerability/wordpress-case-theme-user-1-0-4-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-10T14:16:25.450", "last_modified": 
"2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20721, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6067", "description": "A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/203", "source": "cret@cert.org", "tags": []}], "published": "2026-04-10T14:16:38.620", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17556, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6069", "description": "NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": 
"https://github.com/netwide-assembler/nasm/issues/217", "source": "cret@cert.org", "tags": []}], "published": "2026-04-10T14:16:38.820", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11987, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23782", "description": "An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9021/Patches/Control-M-Server-PACTV-9-0-21-308/?srid=ab0apVT3", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.bmc.com/support/resources/issue-defect-management.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T15:16:23.210", "last_modified": "2026-04-14T15:16:26.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07788, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29002", "description": "CouchCMS contains a privilege 
escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://gist.github.com/thepiyushkumarshukla/477e2d2bbbe8cc3ec0d640c50f0cf9e1", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.couchcms.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/couchcms-privilege-escalation-via-f-k-levels-list-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-10T16:16:30.513", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09857, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34727", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T16:16:31.853", "last_modified": "2026-04-13T16:16:27.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11187, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35650", "description": "OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. 
Attackers can supply blocked or malformed override keys that slip through inconsistent validation to execute arbitrary code with unintended environment variables.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-15"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.627", "last_modified": "2026-04-13T20:46:42.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19476, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31940", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-384"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/ce0192c62e48c9d9474d915c541b3274844afbf9", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/e337b7cc74a0276a0b4f91f9282204d20cac1869", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4gp7-cfjh-77gv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:41.483", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32931", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/8cbe660de267f2b6ed625433bdfcf38dee8752b4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/d5ef5153df3d1b2de112cbeb190cdd10bea457f3", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-863j-h6pf-3xhx", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:42.430", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00158, "epss_percentile": 0.36599, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33710", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000). An attacker who knows a username and approximate key creation time can brute-force the API key. 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-330"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/4448701bb8ec557e94ef02d19c72cbe9c49c2d09", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/e7400dd840586ae134b286d0a2374f3d269a9a9d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rpmg-j327-mr39", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:24.257", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08181, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40242", "description": "Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an unauthenticated SSRF vulnerability affecting any publicly reachable Arcane instance. 
This vulnerability is fixed in 1.17.3.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/getarcaneapp/arcane/releases/tag/v1.17.3", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/getarcaneapp/arcane/security/advisories/GHSA-ff24-4prj-gpmj", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/getarcaneapp/arcane/security/advisories/GHSA-ff24-4prj-gpmj", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T21:16:27.747", "last_modified": "2026-04-13T21:16:30.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04533, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40198", "description": "Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.\n\n_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like \"abcd\", \"1:2:3\", or \"1:2:3:4:5:6:7\" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17).\n\nThe packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. 
This can cause find() to incorrectly report an address as inside or outside a range.\n\nExample:\n\n  my $cidr = Net::CIDR::Lite->new(\"::/8\");\n  $cidr->find(\"1:2:3\");  # invalid input, incorrectly returns true\n\nThis is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module.\n\nSee also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-1286"], "affected_products": [], "references": [{"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/25d65f85dbe4885959a10471725ec9d250a589c3.patch", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-40199", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}], "published": "2026-04-10T22:16:21.463", "last_modified": "2026-04-13T15:17:35.667", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12143, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3690", "description": "OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the authentication function for canvas endpoints. The issue results from improper implementation of authentication.
An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-291"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf", "source": "zdi-disclosures@trendmicro.com", "tags": []}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-228/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:15.990", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00135, "epss_percentile": 0.33179, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4156", "description": "ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. 
Was ZDI-CAN-26339.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-196/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.360", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00072, "epss_percentile": 0.21958, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4157", "description": "ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. 
Was ZDI-CAN-26338.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-197/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.487", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00194, "epss_percentile": 0.4135, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4158", "description": "KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. 
Was ZDI-CAN-29156.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-427"], "affected_products": [], "references": [{"url": "https://github.com/keepassxreboot/keepassxc/security/advisories/GHSA-4gr2-cr97-q9fx", "source": "zdi-disclosures@trendmicro.com", "tags": []}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-215/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.620", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02584, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5217", "description": "The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' parameter (srcset descriptor) in the unauthenticated /wp-json/optimole/v1/optimizations REST endpoint. The endpoint validates requests using an HMAC signature and timestamp, but these values are exposed directly in the frontend HTML making them accessible to any visitor. The plugin uses sanitize_text_field() on the descriptor value of rest.php, which strips HTML tags but does not escape double quotes. The poisoned descriptor is then stored via transients (backed by the WordPress options table) and later retrieved and injected verbatim into the srcset attribute of tag_replacer.php without proper escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses the injected page.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/rest.php#L1008", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/rest.php#L159", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/tag_replacer.php#L526", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/rest.php#L1008", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/rest.php#L159", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/tag_replacer.php#L526", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50417068-339a-4ae5-9c90-8f08f54ce0af?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.953", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00078, "epss_percentile": 0.23115, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6105", "description": "A security vulnerability 
has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-266", "CWE-285"], "affected_products": [], "references": [{"url": "https://gitee.com/ying-xiujie/cve/issues/IGB6M9", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/781598", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356964", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356964/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-11T22:16:01.417", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11238, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6110", "description": "A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1933", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1946", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791761", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356970", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356970/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T03:16:08.630", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16159, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6126", "description": "A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-287", "CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2733", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2733#issue-4177804035", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793554", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795335", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356990", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356990/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T11:16:16.407", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22136, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}, {"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25706", "description": "Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. 
Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-538"], "affected_products": [], "references": [{"url": "http://www.ac.i8i.ir/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46132", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosure", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.470", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00121, "epss_percentile": 0.31177, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6129", "description": "A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-287", "CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2741", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2741#issue-4191903266", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795272", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356992", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356992/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T20:16:19.227", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00088, "epss_percentile": 0.25042, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}, {"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6130", "description": "A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command injection. The attack can be launched remotely. The exploit has been published and may be used. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/chatboxai/chatbox/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/chatboxai/chatbox/issues/3627", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/chatboxai/chatbox/issues/3627#issue-4193060116", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795355", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356993", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356993/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T22:16:09.360", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00837, "epss_percentile": 0.74667, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6142", "description": "A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://gist.github.com/freeloader9527/a9ab20c922c6aa2b3eabf93e01a40f6b", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/tushar-2223/Hotel-Management-System/issues/15", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795751", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357006", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357006/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T01:16:36.100", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6148", "description": "A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The attack is possible to be carried out remotely. 
The exploit is now public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/mrpgi/cve/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796280", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357028", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357028/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T02:16:05.483", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6149", "description": "A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. 
The exploit has been published and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/mrpgi/cve/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796282", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357029", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357029/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T02:16:05.697", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6151", "description": "A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remotely. 
The exploit has been made public and could be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zheng-lv/CVE-/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796311", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357031", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357031/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T03:16:02.893", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6152", "description": "A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zheng-lv/CVE-/issues/3", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796312", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357032", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357032/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T03:16:03.097", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34856", "description": "UAF vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:12.437", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, 
"epss_percentile": 0.00276, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6153", "description": "A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zheng-lv/CVE-/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796315", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357033", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357033/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T04:16:13.403", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25205", "description": 
"Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.407", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02102, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25207", "description": "Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.670", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02102, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": 
{"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6158", "description": "A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/xyh4ck/iot_poc/tree/main/TOTOLINK/N300RHv4/02_setUpgradeUboot_RCE", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796426", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357038", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357038/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.totolink.net/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T05:16:05.003", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02365, "epss_percentile": 0.84948, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.6, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6161", "description": "A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Simple%20Chatbox%20PHP%20msg%20Parameter.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796697", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357041", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357041/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T05:16:05.630", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6163", "description": "A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. 
The exploit is publicly available and might be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lanPwa/CVE/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797088", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357051", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357051/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T06:16:06.927", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6164", "description": "A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lanPwa/CVE/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797089", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357052", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357052/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T06:16:07.160", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6165", "description": "A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/realnotjoking/cve/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797090", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357053", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357053/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T06:16:07.373", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6166", "description": "A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/wfcht-sy/src/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797097", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357054", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357054/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T07:16:50.860", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6167", "description": "A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. 
The exploit is now public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/wfcht-sy/src/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797098", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357055", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357055/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T07:16:51.077", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30997", "description": "An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/FFmpeg/FFmpeg", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:32.570", "last_modified": "2026-04-13T20:16:32.827", "days_since_publish": 999, "source": "nvd", "in_kev": 
false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.1194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30998", "description": "An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400"], "affected_products": [], "references": [{"url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30998-Resource-Leak-3265a71f9cca4dc58df4632ce8b60a50", "source": "cve@mitre.org", "tags": []}, {"url": "https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:32.697", "last_modified": "2026-04-13T20:16:33.003", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.1113, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30999", "description": "A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 
"cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6", "source": "cve@mitre.org", "tags": []}, {"url": "https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.ffmpeg.org/download.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:32.827", "last_modified": "2026-04-13T20:16:33.180", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12417, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6182", "description": "A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. 
The exploit is publicly available and might be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Xmyronn/simple-cms-sqli-login-bypass-CVE-HUNT-", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797263", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357105", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357105/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T15:17:49.487", "last_modified": "2026-04-13T15:17:49.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6183", "description": "A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Xmyronn/simple-cms-sqli-id-parameter", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797264", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357106", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357106/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T15:17:49.697", "last_modified": "2026-04-13T15:17:49.697", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-66769", "description": "A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-476"], "affected_products": [], "references": [{"url": "https://jeroscope.com/advisories/2025/jero-2025-015/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.gonitro.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T16:16:24.620", "last_modified": "2026-04-13T20:16:26.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, 
"epss_percentile": 0.02032, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-69624", "description": "Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-476"], "affected_products": [], "references": [{"url": "http://nitro.com", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T16:16:24.740", "last_modified": "2026-04-13T20:16:26.437", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02056, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6187", "description": "A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. 
The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/lingzezzz/lingze/issues/3", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797375", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357109", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357109/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T16:16:36.017", "last_modified": "2026-04-13T16:16:36.017", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6188", "description": "A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. 
The exploit has been published and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/lingzezzz/lingze/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797376", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357110", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357110/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T16:16:36.380", "last_modified": "2026-04-13T16:16:36.380", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36948", "description": "Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/view_archive.php.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-thesis-archiving-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T17:16:28.993", "last_modified": "2026-04-14T14:16:14.053", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false,
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6189", "description": "A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/lingzezzz/lingze/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797377", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357111", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357111/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T17:16:31.693", "last_modified": "2026-04-13T17:16:31.693", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6193", "description": "A security flaw has been discovered in PHPGurukul Daily 
Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/47", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797433", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357115", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357115/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T17:16:32.557", "last_modified": "2026-04-13T17:16:32.557", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40038", "description": "Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. 
Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters across multiple controllers, which are stored in the database and executed in users' browser sessions due to improper sanitization via Request::getRawParameter() or Request::getParameter() calls.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-stored-cross-site-scripting-via-multiple-parameters", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5980.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:51.263", "last_modified": "2026-04-13T19:16:51.263", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32605", "description": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators(). ProposalSender::send uses > instead of >= for the signer bounds check, so the equality case passes and reaches validators.get_validator_by_slot_band(signer), which panics with an out-of-bounds index before any signature verification runs. 
This issue has been fixed in version 1.3.0.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125", "CWE-193"], "affected_products": [], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/commit/9199364b60c7acae4219800d194bbe07d2997b8c", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3661", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-g99c-h7j7-rfhv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T20:16:33.787", "last_modified": "2026-04-13T20:16:33.787", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12475, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33901", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:25.497", "last_modified": "2026-04-13T21:16:25.497", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11187, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22566", "description": "An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.  
\n\nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier) \nUniFi Play Audio Port  (Version 1.0.24 and earlier)  \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later \nUpdate UniFi Play Audio Port  to Version 1.1.9 or later", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-13T22:16:28.437", "last_modified": "2026-04-13T22:16:28.437", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01402, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33908", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-674"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:28.997", "last_modified": "2026-04-13T22:16:28.997", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12417, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6224", "description": "A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-264", "CWE-265"], "affected_products": [], "references": [{"url": "https://github.com/Pai-777/ai-cve/blob/main/docs/cve-drafts/nocobase-workflow-javascript-sandbox-escape.en.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785881", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357142", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357142/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T22:16:30.757", "last_modified": "2026-04-13T22:16:30.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11624, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40164", "description": "jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. 
This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-328", "CWE-407"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T00:16:07.360", "last_modified": "2026-04-14T00:16:07.360", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10632, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4352", "description": "The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via `sprintf()` without sanitization or use of `$wpdb->prepare()`. WordPress REST API's `wp_unslash()` call on `$_GET` strips the `wp_magic_quotes()` protection, allowing single-quote-based injection. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
The Custom Content Types module must be enabled with at least one CCT configured with a public REST GET endpoint for exploitation.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://crocoblock.com/plugins/jetengine/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29a5701f-92f7-4a02-a990-b189a381cff5?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T02:16:05.613", "last_modified": "2026-04-14T02:16:05.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00064, "epss_percentile": 0.1989, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4388", "description": "The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`sanitize_text_field` strips tags but not quotes) and missing output escaping when rendering submission data in the admin Submissions view. 
This makes it possible for unauthenticated attackers to inject arbitrary JavaScript through a form submission that executes in the browser of an administrator who views the submission details.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.37/admin/views/FormMakerSubmits.php#L166", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.37/admin/views/FormMakerSubmits.php#L169", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.37/frontend/models/form_maker.php#L2352", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3501693%40form-maker%2Ftrunk&old=3492680%40form-maker%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/197449f5-9304-49df-9261-a354145fc00e?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T03:16:08.720", "last_modified": "2026-04-14T03:16:08.720", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0007, "epss_percentile": 0.21347, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6227", "description": "The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the 
`/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to include arbitrary PHP files on the server via crafted traversal sequences (e.g., `....//`), which can be leveraged to read sensitive files such as `wp-config.php` or achieve remote code execution in certain configurations. Administrators have the ability to grant individual users permission to handle backups, which may then allow lower-level users to exploit this vulnerability.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.5/inc/Utils/BackWPupHelpers.php#L23", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.5/inc/Utils/BackWPupHelpers.php#L40", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.5/src/Frontend/API/Rest.php#L52", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/Utils/BackWPupHelpers.php#L23", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3490642%40backwpup%2Ftrunk&old=3475739%40backwpup%2Ftrunk&sfp_email=&sfph_mail=#file26", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/084e3f78-275b-4692-9cce-e17074f55cfb?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T03:16:08.887", "last_modified": "2026-04-14T03:16:08.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00312, "epss_percentile": 0.54398, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3017", "description": "The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the import_shortcodes() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. 
If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3490703/post-carousel", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45690747-0b8d-4e2e-8dd0-07c12791c064?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T06:16:05.040", "last_modified": "2026-04-14T06:16:05.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.1158, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24032", "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.\r\nThis could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. 
(ZDI-CAN-27564)", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-347"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-801704.html", "source": "productcert@siemens.com", "tags": []}], "published": "2026-04-14T09:16:34.900", "last_modified": "2026-04-14T09:16:34.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15482, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31923", "description": "Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.\n\nThis can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default.\nThis issue affects Apache APISIX: from 0.7 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-319"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/0pjs72l7qj83j3srw1l1toyj24bsgkds", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/14/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-14T09:16:35.817", "last_modified": "2026-04-14T19:16:34.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02003, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": 
{"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2332", "description": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n  *  https://w4ke.info/2025/06/18/funky-chunks.html\n\n  *  https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at \\r\\n inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-444"], "affected_products": [], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf", "source": "emo@eclipse.org", "tags": []}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89", "source": "emo@eclipse.org", "tags": []}], "published": "2026-04-14T12:16:21.333", "last_modified": "2026-04-14T12:16:21.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08705, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-61848", "description": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 
Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API", "cvss_score": 7.2, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:31.610", "last_modified": "2026-04-14T16:16:31.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23708", "description": "An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. 
The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:37.277", "last_modified": "2026-04-14T16:16:37.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23666", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-755"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:44.507", "last_modified": "2026-04-14T18:16:44.507", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-26154", "description": "Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:46.950", "last_modified": "2026-04-14T18:16:46.950", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26171", "description": "Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-400", "CWE-611"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:51.577", "last_modified": "2026-04-14T18:16:51.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-32071", "description": "Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-476"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32071", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:07.533", "last_modified": "2026-04-14T18:17:07.533", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32149", "description": "Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.", "cvss_score": 7.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-122", "CWE-191"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32149", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:14.733", "last_modified": "2026-04-14T18:17:14.733", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 21.9, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32156", "description": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.", "cvss_score": 7.4, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32156", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:16.700", "last_modified": "2026-04-14T18:17:16.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32178", "description": "Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-138"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:20.260", "last_modified": "2026-04-14T18:17:20.260", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 
0, "time_factor": 0}}, {"cve_id": "CVE-2026-32203", "description": "Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-121"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:27.700", "last_modified": "2026-04-14T18:17:27.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33096", "description": "Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33096", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:31.593", "last_modified": "2026-04-14T18:17:31.593", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2026-33116", "description": "Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.", "cvss_score": 7.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-20", "CWE-400", "CWE-835"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:33.903", "last_modified": "2026-04-14T18:17:33.903", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 22, "ats_level": "LOW", "ats_breakdown": {"severity": 22.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1018", "description": "The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. 
This vulnerability was fixed in Firefox 135 and Thunderbird 135.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1021", "CWE-1021"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910818", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-02-04T14:15:32.727", "last_modified": "2026-04-13T15:16:50.840", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0018, "epss_percentile": 0.39569, "social_posts": 0, "social_repos": 0, "has_poc": true, "poc_urls": [{"url": "https://github.com/yuuouu/ColorOS-CVE-2025-10184", "name": "yuuouu/ColorOS-CVE-2025-10184", "stars": 386, "description": "ColorOS短信漏洞，以及用户自救方案"}, {"url": "https://github.com/People-11/CVE-2025-10184_PoC", "name": "People-11/CVE-2025-10184_PoC", "stars": 52, "description": null}, {"url": "https://github.com/Webpage-gh/CVE-2025-10184-PoC", "name": "Webpage-gh/CVE-2025-10184-PoC", "stars": 1, "description": "OxygenOS Telephony provider permission bypass"}], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 5, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1940", "description": "A select option could partially obscure the confirmation prompt shown before launching external apps. 
This could be used to trick a user into launching an external app unexpectedly. \n*This issue only affects Android versions of Firefox.* This vulnerability was fixed in Firefox 136.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-1021"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908488", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:38.950", "last_modified": "2026-04-13T15:16:53.607", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00276, "epss_percentile": 0.51027, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-26696", "description": "Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. 
This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864205", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-10T19:15:40.670", "last_modified": "2026-04-13T15:16:54.973", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00182, "epss_percentile": 0.39956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4085", "description": "An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. 
This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915280", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.187", "last_modified": "2026-04-13T15:16:59.873", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00188, "epss_percentile": 0.40651, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10527", "description": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:44.457", "last_modified": "2026-04-13T15:16:35.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client 
Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-68144", "description": "In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 to resolve this issue when it is released.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-88"], "affected_products": [{"vendor": "lfprojects", "product": "model_context_protocol_servers", "cpe": "cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-9xwc-hfwc-8w59", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2025-12-17T23:16:04.703", "last_modified": "2026-04-14T15:23:26.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00118, "epss_percentile": 0.30655, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10279", "description": "In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). 
This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-379"], "affected_products": [{"vendor": "lfprojects", "product": "mlflow", "cpe": "cpe:2.3:a:lfprojects:mlflow:*:-:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a", "source": "security@huntr.dev", "tags": ["Patch"]}, {"url": "https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8", "source": "security@huntr.dev", "tags": ["Third Party Advisory", "Exploit"]}], "published": "2026-02-02T11:16:16.867", "last_modified": "2026-04-14T14:57:42.480", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 7e-05, "epss_percentile": 0.00585, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0924", "description": "BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoCleaner: 1.15.2.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-367"], "affected_products": [{"vendor": "drbuho", "product": "buhocleaner", "cpe": "cpe:2.3:a:drbuho:buhocleaner:1.15.2:*:*:*:*:macos:*:*"}], "references": [{"url": "https://fluidattacks.com/advisories/solstafir", "source": "help@fluidattacks.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": 
"https://www.drbuho.com/buhocleaner", "source": "help@fluidattacks.com", "tags": ["Product"]}, {"url": "https://www.drbuho.com/buhocleaner/download", "source": "help@fluidattacks.com", "tags": ["Product"]}], "published": "2026-02-02T23:16:03.683", "last_modified": "2026-04-14T14:53:04.627", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00248, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2516", "description": "A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) 
Users are advised to use the latest version provided by the vendor.\"", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-426", "CWE-427"], "affected_products": [], "references": [{"url": "http://www.unidocs.com/programs/ezPDF_DRM_Reader/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://gofile.me/7bU54/ZG47Lh7Yx", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/736172", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/346107", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/346107/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-02-15T13:16:16.423", "last_modified": "2026-04-13T07:16:45.913", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02399, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35167", "description": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. 
An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "linuxfoundation", "product": "kedro", "cpe": "cpe:2.3:a:linuxfoundation:kedro:*:*:*:*:*:python:*:*"}], "references": [{"url": "https://github.com/kedro-org/kedro/pull/5442", "source": "security-advisories@github.com", "tags": ["Issue Tracking"]}, {"url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T18:16:43.217", "last_modified": "2026-04-14T15:26:03.083", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18538, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35183", "description": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. 
This vulnerability is fixed in 2.0.6.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [{"vendor": "ajax30", "product": "bravecms", "cpe": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-cpf3-fxwg-cwr3", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-06T20:16:26.727", "last_modified": "2026-04-14T15:50:08.513", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09276, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27144", "description": "The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763764", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78371", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4867", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.130", "last_modified": "2026-04-13T19:16:38.947", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, 
"epss_percentile": 0.00692, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39671", "description": "Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-conditional-product-fees-for-checkout/vulnerability/wordpress-extra-fees-plugin-for-woocommerce-plugin-4-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:38.553", "last_modified": "2026-04-13T21:16:29.580", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03285, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40024", "description": "The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. 
An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-22"], "affected_products": [{"vendor": "sleuthkit", "product": "the_sleuth_kit", "cpe": "cpe:2.3:a:sleuthkit:the_sleuth_kit:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/sleuthkit/sleuthkit/commit/a3f96b3bc36a8bb1a00c297f77110d4a6e7dd31b", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/sleuth-kit-tsk-recover-path-traversal", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T22:16:22.430", "last_modified": "2026-04-13T20:28:41.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07972, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5441", "description": "An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. 
A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.443", "last_modified": "2026-04-14T20:18:01.960", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5444", "description": "A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. 
Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-787"], "affected_products": [{"vendor": "orthanc-server", "product": "orthanc", "cpe": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://kb.cert.org/vuls/id/536588", "source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.machinespirits.de/", "source": "cret@cert.org", "tags": ["Not Applicable"]}, {"url": "https://www.orthanc-server.com/", "source": "cret@cert.org", "tags": ["Product"]}], "published": "2026-04-09T15:16:16.760", "last_modified": "2026-04-14T20:20:10.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04997, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39959", "description": "Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. 
This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-290", "CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.440", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01595, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39976", "description": "Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard then passes this value to retrieveById() without validating it's actually a user identifier, potentially resolving an unrelated real user. Any machine-to-machine token can inadvertently authenticate as an actual user. 
This vulnerability is fixed in 13.7.1.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://github.com/laravel/passport/issues/1900", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/laravel/passport/pull/1901", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/laravel/passport/pull/1902", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/laravel/passport/security/advisories/GHSA-349c-2h2f-mxf6", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/thephpleague/oauth2-server/issues/1456#issuecomment-2734989996", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:31.267", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00064, "epss_percentile": 0.19936, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35632", "description": "OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. 
Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files, enabling remote code execution via crontab injection or unauthorized access via SSH key manipulation.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-61"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7xr2-q9vf-x4r5", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-via-identity-md-appendfile-in-agents-create-update", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7xr2-q9vf-x4r5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:32.003", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4162", "description": "The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to uninstall and deactivate the plugin and delete plugin options. 
NOTE: This vulnerability is also exploitable via a Cross-Site Request Forgery vector.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://www.gravityforms.com/brand-new-release-gravity-smtp-2-1-5/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9d18a4-262b-4011-91e9-b29a27a76470?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T10:16:04.120", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-58920", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/wordpress/theme/cerato/vulnerability/wordpress-cerato-theme-2-2-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-10T14:16:25.283", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09585, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32894", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the delete_mark or resultdelete GET parameters. No ownership or course-scope verification is performed. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-476", "CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/3b03306d1a0301a81b9284e86893b27f518ab151", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/740f5a6e192a52a3adde3c3241c86401b1d2c519", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rqpg-p95v-fv98", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rqpg-p95v-fv98", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T18:16:42.117", "last_modified": "2026-04-13T16:16:26.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08074, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", 
"ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32930", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other course by manipulating the editeval GET parameter. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/63e1e6d3d717bd537c7c61719416da35aaa658dd", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/f03f681df939db0429edc8414fb3ce4e4b80d79d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-9h22-wrg7-82q6", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:42.280", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06812, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40162", "description": "Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. 
A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location writable by the Bugsink process. This vulnerability is fixed in 2.1.1.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://github.com/bugsink/bugsink/releases/tag/2.1.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/bugsink/bugsink/security/advisories/GHSA-8hw4-fhww-273g", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:46.083", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.2439, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33702", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The file lp_ajax_save_item.php accepts a uid (user ID) parameter directly from $_REQUEST and uses it to load and modify another user's Learning Path progress — including score, status, completion, and time — without verifying that the requesting user matches the target user ID. Any authenticated user enrolled in a course can overwrite another user's Learning Path progress by simply changing the uid parameter in the request. 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/6331d051b4468deb5830c01d1e047c5e5cf2c74f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/bf3f6c6949b5c882b48a9914baa19910417e4551", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-3rv7-9fhx-j654", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-3rv7-9fhx-j654", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T19:16:23.177", "last_modified": "2026-04-13T16:16:26.960", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09638, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33704", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are filtered to .phps, the .pht extension passes through unmodified. On Apache configurations where .pht is handled as PHP, this leads to Remote Code Execution. 
This vulnerability is fixed in 1.11.38.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/9748f1ffbdb8b6dc84c0e0591c9d3c1d92e21c00", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-phfx-pwwg-945v", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.480", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00215, "epss_percentile": 0.43996, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33706", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management privileges. 
This vulnerability is fixed in 1.11.38.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-269"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/0acf8a196307c66c049f97f5ff76cf21c4a08127", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-3gqc-xr75-pcpw", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.800", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40185", "description": "TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. 
This vulnerability is fixed in 2.7.2.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mauriceboe/TREK/releases/tag/v2.7.2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T20:16:23.573", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07386, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5053", "description": "NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of environment variables. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. 
Was ZDI-CAN-28644.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-73"], "affected_products": [], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-247/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:17.757", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02951, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5809", "description": "The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic fields list, an attacker can supply data[body][fileurl] with an arbitrary file path (e.g., wp-config.php or an absolute server path). This poisoned fileurl is persisted to the plugin's custom postmeta database table. Subsequently, when the attacker submits wpftcf_delete[]=body on a topic_edit request, the add_file() method retrieves the stored postmeta record, extracts the attacker-controlled fileurl, passes it through wpforo_fix_upload_dir() which only rewrites legitimate wpforo upload paths and returns all other paths unchanged, and then calls wp_delete_file() on the unvalidated path. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files writable by the PHP process on the server, including critical files such as wp-config.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-73"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/Actions.php#L746", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/Actions.php#L761", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/PostMeta.php#L402", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/PostMeta.php#L421", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/PostMeta.php#L523", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/classes/Posts.php#L1961", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.2/includes/functions.php#L2641", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3503313/wpforo", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e46ac8d-89ee-4480-bb96-83f2044a4323?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T08:16:05.503", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09969, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2018-25257", "description": "Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46217", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:31.567", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07102, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25693", "description": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. 
Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46274", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.resourcespace.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.resourcespace.com/get", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.270", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02227, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25699", "description": "Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. 
Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "http://newsbull.org/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/gurkanuzunca/newsbull", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46266", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/newsbull-haber-script-authenticated-sql-injection-via-search-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:32.770", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25703", "description": "ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. 
Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "http://www.impresscms.org/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms_1.3.11.zip", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46239", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/impresscms-sql-injection-via-bid-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.113", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25707", "description": "eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. 
Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://ebrigade.net/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade_4.5.zip", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46117", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/ebrigade-erp-sql-injection-via-pdf-php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.627", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25713", "description": "MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. 
Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://manageyourteam.net/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://sourceforge.net/projects/myt/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/46084", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/myt-pm-sql-injection-via-charge-group-total-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:34.620", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28553", "description": "Vulnerability of improper permission control in the theme setting module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "cvss_score": 6.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-275"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:03.650", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 
999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00414, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 20.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40446", "description": "Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 6.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:04.863", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01846, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 20.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40436", "description": "The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. 
Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": [], "affected_products": [], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/support/bulletin/security?lang=en_US&t=0.7465962531829456", "source": "psirt@zte.com.cn", "tags": []}], "published": "2026-04-13T07:16:50.393", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11518, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34476", "description": "Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.\n\nThis issue affects Apache SkyWalking MCP: 0.1.0.\n\nUsers are recommended to upgrade to version 0.2.0, which fixes this issue.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/v0k1xyzzbtnpyrwxwyn36pbspr8rhjnr", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T13:16:40.847", "last_modified": "2026-04-13T16:16:27.637", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command 
and Control"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34256", "description": "Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3731908", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T01:16:03.530", "last_modified": "2026-04-14T01:16:03.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10732, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33892", "description": "A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). 
Affected management systems do not properly enforce user authentication on remote connections to devices.\r\nThis could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\r\nSuccessful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.\r\n\r\nExploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "HIGH", "cwes": ["CWE-305"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html", "source": "productcert@siemens.com", "tags": []}], "published": "2026-04-14T09:16:36.097", "last_modified": "2026-04-14T09:16:36.097", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37980", "description": "A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. 
Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.", "cvss_score": 6.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-37980", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455325", "source": "secalert@redhat.com", "tags": []}], "published": "2026-04-14T15:16:34.230", "last_modified": "2026-04-14T15:16:34.230", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 20.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4344", "description": "A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. 
A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005", "source": "psirt@autodesk.com", "tags": []}], "published": "2026-04-14T15:16:38.467", "last_modified": "2026-04-14T15:16:38.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4345", "description": "A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. 
A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005", "source": "psirt@autodesk.com", "tags": []}], "published": "2026-04-14T15:16:38.640", "last_modified": "2026-04-14T15:16:38.640", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4369", "description": "A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. 
A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe", "source": "psirt@autodesk.com", "tags": []}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005", "source": "psirt@autodesk.com", "tags": []}], "published": "2026-04-14T15:16:38.943", "last_modified": "2026-04-14T15:16:38.943", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38528", "description": "Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38528", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/krayin/laravel-crm", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.413", "last_modified": "2026-04-14T18:17:37.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25184", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25184", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:45.390", "last_modified": "2026-04-14T18:16:45.390", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26151", "description": "Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "cvss_severity": "HIGH", "cwes": ["CWE-357"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26151", "source": 
"secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:45.973", "last_modified": "2026-04-14T18:16:45.973", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26152", "description": "Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-922"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26152", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:46.310", "last_modified": "2026-04-14T18:16:46.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26165", "description": "Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26165", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:49.807", "last_modified": 
"2026-04-14T18:16:49.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26166", "description": "Double free in Windows Shell allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26166", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:50.060", "last_modified": "2026-04-14T18:16:50.060", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26173", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416", "CWE-476"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26173", "source": "secure@microsoft.com", "tags": []}], 
"published": "2026-04-14T18:16:52.013", "last_modified": "2026-04-14T18:16:52.013", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26174", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26174", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:52.353", "last_modified": "2026-04-14T18:16:52.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26177", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an 
authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26177", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:53.350", "last_modified": "2026-04-14T18:16:53.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26182", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26182", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:54.850", "last_modified": "2026-04-14T18:16:54.850", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27908", "description": "Use 
after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27908", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:57.270", "last_modified": "2026-04-14T18:16:57.270", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27917", "description": "Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27917", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:00.233", "last_modified": "2026-04-14T18:17:00.233", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27921", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27921", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:01.980", "last_modified": "2026-04-14T18:17:01.980", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27922", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27922", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:02.317", "last_modified": "2026-04-14T18:17:02.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27926", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27926", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:03.587", "last_modified": "2026-04-14T18:17:03.587", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27929", "description": "Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-367"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27929", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:04.400", 
"last_modified": "2026-04-14T18:17:04.400", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32068", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32068", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:06.577", "last_modified": "2026-04-14T18:17:06.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32070", "description": "Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32070", "source": "secure@microsoft.com", "tags": 
[]}], "published": "2026-04-14T18:17:07.203", "last_modified": "2026-04-14T18:17:07.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32073", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32073", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:08.143", "last_modified": "2026-04-14T18:17:08.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32075", "description": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:08.780", "last_modified": "2026-04-14T18:17:08.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32080", "description": "Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32080", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:10.630", "last_modified": "2026-04-14T18:17:10.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32082", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32082", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:11.153", "last_modified": "2026-04-14T18:17:11.153", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32083", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32083", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:11.493", "last_modified": "2026-04-14T18:17:11.493", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32086", "description": 
"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32086", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:12.520", "last_modified": "2026-04-14T18:17:12.520", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32087", "description": "Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32087", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:12.860", "last_modified": "2026-04-14T18:17:12.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", 
"ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32093", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-122", "CWE-362", "CWE-367"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32093", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:14.387", "last_modified": "2026-04-14T18:17:14.387", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}, {"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32150", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32150", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:15.037", "last_modified": "2026-04-14T18:17:15.037", "days_since_publish": 999, 
"source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32188", "description": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.", "cvss_score": 7.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32188", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:23.410", "last_modified": "2026-04-14T18:17:23.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32195", "description": "Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:25.890", "last_modified": 
"2026-04-14T18:17:25.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32219", "description": "Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-415"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32219", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:29.650", "last_modified": "2026-04-14T18:17:29.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32224", "description": "Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:30.690", "last_modified": 
"2026-04-14T18:17:30.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33099", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33099", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:32.133", "last_modified": "2026-04-14T18:17:32.133", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33100", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33100", "source": "secure@microsoft.com", 
"tags": []}], "published": "2026-04-14T18:17:32.450", "last_modified": "2026-04-14T18:17:32.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33104", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "cvss_score": 7.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "HIGH", "cwes": ["CWE-362", "CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33104", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:33.160", "last_modified": "2026-04-14T18:17:33.160", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}, {"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 21, "ats_level": "LOW", "ats_breakdown": {"severity": 21.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26140", "description": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. 
The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-327"], "affected_products": [{"vendor": "alfa", "product": "awus036h_firmware", "cpe": "cpe:2.3:o:alfa:awus036h_firmware:6.1316.1209:*:*:*:*:windows_10:*:*"}, {"vendor": "siemens", "product": "scalance_w1748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1748-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1750d_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2_firmware:-:*:*:*:*:*:eec_m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2ia_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2ia_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w721-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w721-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w722-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w722-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w734-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w734-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w738-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w738-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w748-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": 
"scalance_w748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w748-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w761-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w761-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w774-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w774-1_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w774-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w774-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w778-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w778-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w778-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w778-1_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w786-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w786-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-2_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w786-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-2_firmware:-:*:*:*:*:*:sfp:*"}, {"vendor": "siemens", "product": "scalance_w786-2ia_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-2ia_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": 
"siemens", "product": "scalance_wam763-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam763-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_firmware:-:*:*:*:*:*:eec:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_6ghz_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_6ghz_firmware:-:*:*:*:*:*:eec:*"}, {"vendor": "siemens", "product": "scalance_wum763-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum763-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wum766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum766-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wum766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum766-1_6ghz_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-100_firmware", "cpe": "cpe:2.3:o:arista:c-100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-110_firmware", "cpe": "cpe:2.3:o:arista:c-110_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-120_firmware", "cpe": "cpe:2.3:o:arista:c-120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-130_firmware", "cpe": "cpe:2.3:o:arista:c-130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-200_firmware", "cpe": "cpe:2.3:o:arista:c-200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-230_firmware", "cpe": "cpe:2.3:o:arista:c-230_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-235_firmware", "cpe": "cpe:2.3:o:arista:c-235_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-250_firmware", "cpe": "cpe:2.3:o:arista:c-250_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", 
"product": "c-260_firmware", "cpe": "cpe:2.3:o:arista:c-260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-105_firmware", "cpe": "cpe:2.3:o:arista:o-105_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-118_firmware", "cpe": "cpe:2.3:o:arista:w-118_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100_firmware", "cpe": "cpe:2.3:o:cisco:1100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-4p_firmware", "cpe": "cpe:2.3:o:cisco:1100-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-8p_firmware", "cpe": "cpe:2.3:o:cisco:1100-8p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1101-4p_firmware", "cpe": "cpe:2.3:o:cisco:1101-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-2p_firmware", "cpe": "cpe:2.3:o:cisco:1109-2p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-4p_firmware", "cpe": "cpe:2.3:o:cisco:1109-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1532_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1532_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542d_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1552_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1552_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1552h_firmware", "cpe": 
"cpe:2.3:o:cisco:aironet_1552h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1560_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1562d_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1562d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1562e_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1562e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1562i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1562i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1572_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1572_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1810_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810w_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1810w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1832_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1842_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1842_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1852_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1852_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2702_firmware", "cpe": 
"cpe:2.3:o:cisco:aironet_2702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800e_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800e_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800p_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_4800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_ap803_firmware", "cpe": "cpe:2.3:o:cisco:aironet_ap803_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_iw3702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_iw3702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105axw_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_ap_firmware", "cpe": 
"cpe:2.3:o:cisco:catalyst_9115_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axp_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axp_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axd_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124axd_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", 
"product": "catalyst_9130axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_ac_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_ac_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_dc_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_dc_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_dcw_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_dcw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "esw-6300-con-x-k9_firmware", "cpe": "cpe:2.3:o:cisco:esw-6300-con-x-k9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "esw6300_firmware", "cpe": "cpe:2.3:o:cisco:esw6300_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_6861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_6861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8821_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8821_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8832_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8865_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8865_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-bk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-bk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ek9_firmware", "cpe": 
"cpe:2.3:o:cisco:ir829-2lte-ea-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ck9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ck9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ek9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-sk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-sk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-zk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-zk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-na-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-na-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-vz-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-vz-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr10_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr10_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr60_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr60_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr12_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr12_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr20_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr20_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr26_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr26_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr30h_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr30h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr32_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr32_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr33_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr33_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr34_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr34_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr36_firmware", "cpe": 
"cpe:2.3:o:cisco:meraki_mr36_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr44_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr44_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr45_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr45_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr52_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr52_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr55_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr56_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr56_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr62_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr62_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr66_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr66_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr70_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr72_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr72_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr74_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr74_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": 
"meraki_mr76_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr76_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr84_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr84_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr86_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr86_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx64w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx64w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx65w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx65w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3c_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_85s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx70_firmware", "cpe": 
"cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx80_firmware", "cpe": "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_dual_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_55_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_kit_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_mini_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_kit_mini_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8260_firmware", "cpe": "cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8265_firmware", "cpe": "cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9260_firmware", "cpe": "cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9560_firmware", "cpe": "cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_ac_1550_firmware", "cpe": "cpe:2.3:o:intel:killer_ac_1550_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6_ax1650_firmware", 
"cpe": "cpe:2.3:o:intel:killer_wi-fi_6_ax1650_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6e_ax1675_firmware", "cpe": "cpe:2.3:o:intel:killer_wi-fi_6e_ax1675_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_3165_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3165_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_3168_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3168_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8265_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9461_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9461_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9462_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9462_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9560_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax201_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6e_ax210_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6e_ax210_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wireless_7265_\\(rev_d\\)_firmware", "cpe": "cpe:2.3:o:intel:proset_wireless_7265_\\(rev_d\\)_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax201_firmware", "cpe": 
"cpe:2.3:o:intel:wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": 
"https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.687", "last_modified": "2026-04-14T09:16:22.753", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00156, "epss_percentile": 0.36351, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26141", "description": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. 
An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-354"], "affected_products": [{"vendor": "alfa", "product": "awus036h_firmware", "cpe": "cpe:2.3:o:alfa:awus036h_firmware:6.1316.1209:*:*:*:*:windows_10:*:*"}, {"vendor": "cisco", "product": "meraki_gr10_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr10_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr60_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr60_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr20_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr20_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr30h_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr30h_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr33_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr33_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr36_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr36_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42e_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr44_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr44_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr45_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr45_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46e_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr52_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr52_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"cisco", "product": "meraki_mr53_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53e_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr55_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr55_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr56_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr56_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr70_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr70_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr74_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr74_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr76_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr76_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr84_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr84_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr86_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr86_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr12_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr12_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr18_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr18_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr26_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr26_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr32_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr32_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr34_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr34_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr62_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr62_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr66_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr66_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr72_firmware", "cpe": 
"cpe:2.3:o:cisco:meraki_mr72_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx64w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx65w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67cw_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3c_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "wireless_ip_phone_8821_firmware", "cpe": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_6861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:3pcc:*:*"}, {"vendor": "cisco", "product": "ip_phone_8861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8865_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_conference_phone_8832_firmware", "cpe": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_series_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_series_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_desk_series_firmware", "cpe": 
"cpe:2.3:o:cisco:webex_desk_series_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_series_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_series_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_wireless_phone_860_firmware", "cpe": "cpe:2.3:o:cisco:webex_wireless_phone_860_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_wireless_phone_840_firmware", "cpe": "cpe:2.3:o:cisco:webex_wireless_phone_840_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0ab0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0aa0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5721-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5721-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5721-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5721-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5722-1fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5722-1fc00-0ac0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0aa6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0aa6_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5734-1fx00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5734-1fx00-0ab6_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5734-1fx00-0ab6_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5738-1gy00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5738-1gy00-0aa0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5738-1gy00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5738-1gy00-0ab0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5748-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5748-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5748-1gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gd00-0aa0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5748-1gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5748-1gd00-0ab0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5761-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5761-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5761-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5761-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0aa6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0aa6_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5774-1fx00-0ab6_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fx00-0ab6_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5774-1fy00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5774-1fy00-0ta0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5774-1fy00-0tb0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5774-1fy00-0tb0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0ta0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5778-1gy00-0tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5778-1gy00-0tb0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5786-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-2fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2fc00-0ac0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-2hc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2hc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5786-2hc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5786-2hc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-1fc00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-1fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-1gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1gd00-0aa0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5788-1gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-1gd00-0ab0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0aa0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5788-2fc00-0aa0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2fc00-0ab0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-2fc00-0ac0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2fc00-0ac0_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0aa0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0ab0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0ab0_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0ta0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0tb0_firmware:-:*:*:*:*:*:m12_ecc:*"}, {"vendor": "siemens", "product": "6gk5788-2gd00-0tc0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5788-2gd00-0tc0_firmware:-:*:*:*:*:*:m12_ecc:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": 
"http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.727", "last_modified": "2026-04-14T09:16:23.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00236, "epss_percentile": 0.46574, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26143", "description": "An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. 
The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "alfa", "product": "awus036h_firmware", "cpe": "cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": 
"http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.800", "last_modified": "2026-04-14T09:16:24.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.004, "epss_percentile": 0.60696, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26144", "description": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. 
The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "samsung", "product": "galaxy_i9305_firmware", "cpe": "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-250_firmware", "cpe": "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-260_firmware", "cpe": "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-230_firmware", "cpe": "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-235_firmware", "cpe": "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-200_firmware", "cpe": "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-120_firmware", "cpe": "cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-130_firmware", "cpe": "cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-100_firmware", "cpe": "cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-110_firmware", "cpe": "cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-105_firmware", "cpe": "cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-118_firmware", "cpe": "cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", 
"product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ax_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.837", "last_modified": "2026-04-14T09:16:25.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00524, "epss_percentile": 0.66941, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26145", "description": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. 
An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "samsung", "product": "galaxy_i9305_firmware", "cpe": "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-7da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-7da0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7da0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7db0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7db0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-7da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1je00-7da0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7ta0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-7tb0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-7tb0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-7ta0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1je00-7ta0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-3aa0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-3aa0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5763-1al00-3da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5763-1al00-3da0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-3da0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-3da0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1ge00-3db0_firmware", "cpe": "cpe:2.3:o:siemens:6gk5766-1ge00-3db0_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "6gk5766-1je00-3da0_firmware", "cpe": 
"cpe:2.3:o:siemens:6gk5766-1je00-3da0_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.873", "last_modified": "2026-04-14T09:16:25.947", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02727, "epss_percentile": 0.85952, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.7, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-36325", "description": "Affected devices do not properly sanitize data introduced by an user when rendering the 
web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-80"], "affected_products": [{"vendor": "siemens", "product": "scalance_m-800_firmware", "cpe": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_s615_firmware", "cpe": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc-600_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc622-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc632-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc636-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc642-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_sc646-2c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ax_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11ac_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": 
"scalance_xb205-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb205-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb213-3ld_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xb216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2g_poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc206-2sfp_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208_firmware", 
"cpe": "cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc208g_poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_\\(e\\/ip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g__firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_\\(e\\/ip\\)_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xc224-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xc224-4c_g_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf-200ba_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_dna_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xf204-2ba_irt_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm400_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm408-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xm416-4c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp-200_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208_\\(eip\\)_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xp208_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp208poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216_\\(eip\\)_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216_\\(eip\\)_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xp216poe_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300poe_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr-300wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-12m_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_eec_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324-4m_poe_ts_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr324wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr324wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr326-2c_poe_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr326-2c_poe_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr328-4c_wg_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr328-4c_wg_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr500_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr524-8c_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr526-8c_l3_firmware", "cpe": "cpe:2.3:h:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": 
"siemens", "product": "scalance_xr528-6m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr528-6m_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr528-6m_l3_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_xr552-12m_2hr2_l3_firmware", "cpe": "cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_l3_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html", "source": "productcert@siemens.com", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "productcert@siemens.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2022-08-10T12:15:12.997", "last_modified": "2026-04-14T09:16:32.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00434, "epss_percentile": 0.62851, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, 
"exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-2785", "description": "There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125", "CWE-125"], "affected_products": [{"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://git.kernel.org/bpf/bpf/c/86f44fcec22c", "source": "cve-coordination@google.com", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei%40google.com/T/#t", "source": "cve-coordination@google.com", "tags": ["Vendor Advisory"]}, {"url": "https://git.kernel.org/bpf/bpf/c/86f44fcec22c", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei%40google.com/T/#t", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}], "published": "2022-09-23T11:15:09.510", "last_modified": "2026-04-14T15:23:49.830", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15367, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0242", "description": 
"Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.860", "last_modified": "2026-04-13T15:16:34.257", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02914, "epss_percentile": 0.86384, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.7, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0246", "description": "When using an invalid protocol scheme, an attacker could spoof the address bar. \n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*\n*Note: This issue is a different issue from CVE-2025-0244.* This vulnerability was fixed in Firefox 134.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912709", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-07T16:15:39.260", "last_modified": "2026-04-13T15:16:35.003", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00136, "epss_percentile": 0.3335, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-23109", "description": "Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419275", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-06/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-11T04:15:06.367", "last_modified": "2026-04-13T15:16:54.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00884, "epss_percentile": 0.75424, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0510", "description": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. 
This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-345"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-02-04T14:15:31.550", "last_modified": "2026-04-13T15:16:35.363", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00376, "epss_percentile": 0.5922, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1013", "description": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. 
This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-02-04T14:15:32.123", "last_modified": "2026-04-13T15:16:49.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0025, "epss_percentile": 0.48215, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, 
"exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1414", "description": "Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1943179", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-12/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-02-18T14:15:28.670", "last_modified": "2026-04-13T15:16:51.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00285, "epss_percentile": 0.52027, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1934", "description": "It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. 
This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1942881", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.273", "last_modified": "2026-04-13T15:16:52.437", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00283, "epss_percentile": 0.51738, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2025-1938", "description": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.730", "last_modified": "2026-04-13T15:16:53.227", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00259, 
"epss_percentile": 0.49266, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3028", "description": "JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941002", "source": "security@mozilla.org", "tags": ["Exploit", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-21/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": 
["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-01T13:15:41.190", "last_modified": "2026-04-13T15:16:56.250", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00715, "epss_percentile": 0.72352, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3031", "description": "An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. 
This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947141", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-01T13:15:41.493", "last_modified": "2026-04-13T15:16:56.830", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00282, "epss_percentile": 0.51567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3608", "description": "A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. 
This vulnerability was fixed in Firefox 137.0.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951554", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-3608", "source": "security@mozilla.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-25/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-15T13:15:55.590", "last_modified": "2026-04-13T15:16:58.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00185, "epss_percentile": 0.40201, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4086", "description": "A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. 
This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1945705", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.267", "last_modified": "2026-04-13T15:17:00.047", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00242, "epss_percentile": 0.47445, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4088", "description": "A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. 
This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953521", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.450", "last_modified": "2026-04-13T15:17:00.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00116, "epss_percentile": 0.30237, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4092", "description": "Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.820", "last_modified": "2026-04-13T15:17:01.073", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00282, "epss_percentile": 0.51567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3932", "description": "It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. 
This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960412", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-14T17:15:48.763", "last_modified": "2026-04-13T15:16:58.747", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00281, "epss_percentile": 0.51527, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0921", "description": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, 
Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. 
This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-250"], "affected_products": [], "references": [{"url": "https://jvn.jp/vu/JVNVU93838985", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}], "published": "2025-05-15T23:15:58.943", "last_modified": "2026-04-13T23:16:27.090", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20733, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5271", "description": "Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. 
This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-116"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920348", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}], "published": "2025-05-27T13:15:22.923", "last_modified": "2026-04-13T15:17:05.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00282, "epss_percentile": 0.51567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-2884", "description": "TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. 
See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0", "cvss_score": 6.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1", "source": "cret@cert.org", "tags": []}, {"url": "https://trustedcomputinggroup.org/about/security/", "source": "cret@cert.org", "tags": []}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf", "source": "cret@cert.org", "tags": []}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf", "source": "cret@cert.org", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-49133", "source": "cret@cert.org", "tags": []}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.kb.cert.org/vuls/id/282450", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-628843.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-06-10T18:15:30.617", "last_modified": "2026-04-14T10:16:26.457", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00072, "epss_percentile": 0.21792, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5986", "description": "A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf 
files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability was fixed in Thunderbird 128.11.1 and Thunderbird 139.0.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-49/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-50/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-06-11T12:15:29.183", "last_modified": "2026-04-13T15:17:05.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00583, "epss_percentile": 0.68978, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6429", 
"description": "Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag.  This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-116"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970658", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-06-24T13:15:23.877", "last_modified": "2026-04-13T15:17:07.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30754, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, 
"ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6431", "description": "When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. \n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-285"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1942716", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-24T13:15:24.103", "last_modified": "2026-04-13T15:17:07.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15266, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. 
When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [{"vendor": "gnu", "product": "gnutls", "cpe": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "openshift_container_platform", "cpe": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16115", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:16116", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17181", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17348", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17361", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17415", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:19088", "source": "secalert@redhat.com", "tags": []}, {"url": 
"https://access.redhat.com/errata/RHSA-2025:22529", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/security/cve/CVE-2025-32990", "source": "secalert@redhat.com", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", "source": "secalert@redhat.com", "tags": ["Issue Tracking"]}, {"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html", "source": "secalert@redhat.com", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-10T10:15:33.060", "last_modified": "2026-04-14T11:16:25.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00072, "epss_percentile": 0.22012, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8027", "description": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. 
This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-457"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:49.830", "last_modified": "2026-04-13T15:17:08.497", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00111, "epss_percentile": 0.29547, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8033", "description": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-476"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1973990", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-22T21:15:50.457", "last_modified": "2026-04-13T15:17:09.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00116, "epss_percentile": 0.3023, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55028", "description": "Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. 
This vulnerability was fixed in Firefox for iOS 142.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-400"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850240", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:27.973", "last_modified": "2026-04-13T15:17:02.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21149, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9181", "description": "Uninitialized memory in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-457"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-08-19T21:15:30.520", "last_modified": "2026-04-13T15:17:13.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00062, "epss_percentile": 0.19194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9183", "description": "Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976102", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:30.777", "last_modified": "2026-04-13T15:17:14.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.0821, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9186", "description": "Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1445758", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:31.180", "last_modified": "2026-04-13T15:17:14.673", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07534, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10290", "description": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. 
This vulnerability was fixed in Focus for iOS 143.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox_focus", "cpe": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975566", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-76/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-16T13:15:41.520", "last_modified": "2026-04-13T15:16:35.563", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07969, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10529", "description": "Same-origin policy bypass in the Layout component. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-942"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:45.550", "last_modified": "2026-04-13T15:16:36.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00063, "epss_percentile": 0.19402, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2025-10530", "description": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974025", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-16T13:15:46.090", "last_modified": "2026-04-13T15:16:36.337", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12165, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10532", "description": "Incorrect boundary conditions in the JavaScript: GC component. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:47.067", "last_modified": "2026-04-13T15:16:36.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20013, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", 
"ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11711", "description": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-591"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.330", "last_modified": "2026-04-13T15:16:39.793", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08007, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11716", "description": "Links in a sandboxed iframe could open an external app on Android without the required \"allow-\" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1818679", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:37.910", "last_modified": "2026-04-13T15:16:40.740", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07938, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], 
"nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11718", "description": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980808", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-10-14T13:15:38.150", "last_modified": "2026-04-13T15:16:41.083", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14331", "description": "Same-origin policy bypass in the Request Handling component. 
This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346", "CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000218", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-09T16:17:40.773", "last_modified": "2026-04-13T15:16:46.673", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13508, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", 
"ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14744", "description": "Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984683", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-97/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-12-18T15:15:52.500", "last_modified": "2026-04-13T15:16:47.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.104, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0885", "description": "Use-after-free in the JavaScript: GC component. 
This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.050", "last_modified": "2026-04-13T15:17:17.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05659, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24868", "description": "Mitigation bypass in the 
Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007302", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-27T16:16:36.173", "last_modified": "2026-04-13T15:17:19.340", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16746, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67480", "description": "Vulnerability in Wikimedia Foundation MediaWiki. 
This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.\n\nThis issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://phabricator.wikimedia.org/T401053", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Permissions Required"]}], "published": "2026-02-03T02:16:09.083", "last_modified": "2026-04-14T13:50:10.893", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00157, "epss_percentile": 0.365, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27735", "description": "Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool used GitPython's repo.index.add() rather than the Git CLI, relative paths containing `../` sequences that resolve outside the repository were accepted and staged into the Git index. 
Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "lfprojects", "product": "model_context_protocol_servers", "cpe": "cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/servers/pull/3164", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-vjqx-cfc4-9h6v", "source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-02-26T00:16:25.017", "last_modified": "2026-04-14T00:44:04.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09818, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3846", "description": "Same-origin policy bypass in the CSS Parsing and Computation component. 
This vulnerability was fixed in Firefox 148.0.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018400", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-19/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-10T18:19:05.673", "last_modified": "2026-04-13T15:17:34.970", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04478, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62843", "description": "An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. 
If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-923"], "affected_products": [{"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-12", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:42.180", "last_modified": "2026-04-14T14:19:26.883", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06249, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62845", "description": "An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. 
If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-150"], "affected_products": [{"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-12", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:42.560", "last_modified": "2026-04-14T14:25:40.667", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04132, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62846", "description": "An SQL injection vulnerability has been reported to affect QHora. 
If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.2.007 and later", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [{"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-12", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:43.110", "last_modified": "2026-04-14T14:18:06.637", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.0578, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4728", "description": "Spoofing issue in the Privacy: Anti-Tracking component. 
This vulnerability was fixed in Firefox 149 and Thunderbird 149.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013179", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T13:16:08.680", "last_modified": "2026-04-13T15:17:45.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01037, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3889", "description": "Spoofing issue in Thunderbird. 
This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-03-24T21:16:29.330", "last_modified": "2026-04-13T15:17:35.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07421, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27663", "description": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. 
Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-246443.html", "source": "productcert@siemens.com", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2026/Apr/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-03-26T15:16:34.147", "last_modified": "2026-04-14T19:16:34.127", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04806, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4400", "description": "Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users to be viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users' private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. 
In order for the vulnerability to be exploited, the attacker must have the user's conversation ID.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [{"vendor": "1millionbot", "product": "millie_chat_bot", "cpe": "cpe:2.3:a:1millionbot:millie_chat_bot:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-1millionbot-millie-chatbot", "source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"]}], "published": "2026-03-31T11:16:14.470", "last_modified": "2026-04-13T13:01:09.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16707, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24029", "description": "When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.633", "last_modified": "2026-04-14T16:24:27.147", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 3e-05, "epss_percentile": 0.0009, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34586", "description": "PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session existence — it does not check SharedPdf.inactive (expiration / max views) or SharedPdf.deleted. The Serve and Download endpoints rely solely on this function, allowing previously-authorized users to access shared PDF content after expiration, view limit, or soft-deletion. 
This issue has been patched in version 1.7.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "pdfding", "product": "pdfding", "cpe": "cpe:2.3:a:pdfding:pdfding:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/mrmn2/PdfDing/commit/a6783b259b25c839c52c6f2380333827a52e89eb", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-vfqx-2464-38wf", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-03-31T21:16:31.123", "last_modified": "2026-04-13T16:53:41.963", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34401", "description": "XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default, which means external entities are resolved automatically. There is a well-known attack related to malicious DTD files in which an attacker crafts a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials. 
This issue has been patched in version 2.9.0.21.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-611"], "affected_products": [{"vendor": "microsoft", "product": "xml_notepad", "cpe": "cpe:2.3:a:microsoft:xml_notepad:*:*:*:*:*:windows:*:*"}], "references": [{"url": "https://github.com/microsoft/XmlNotepad/commit/3665603d61ba10b7827a3724e854748cb780140c", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/microsoft/XmlNotepad/commit/c03ab2311ac6960452eb1ab49098768f851dcc53", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/microsoft/XmlNotepad/releases/tag/2.9.0.21", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch", "source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2026-03-31T22:16:18.490", "last_modified": "2026-04-13T15:19:47.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.003, "epss_percentile": 0.53368, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2394", "description": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, 
from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-126", "CWE-125"], "affected_products": [{"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}, {"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}, {"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}, {"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}, {"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}, {"vendor": "rti", "product": "connext_professional", "cpe": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.rti.com/vulnerabilities/#cve-2026-2394", "source": "3f572a00-62e2-4423-959a-7ea25eff1638", "tags": ["Vendor Advisory"]}], "published": "2026-04-01T01:16:40.990", "last_modified": "2026-04-14T18:00:20.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10603, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34750", "description": "Payload is a free and open source headless content management system. 
Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. This issue has been patched in version 3.78.0 for @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "payloadcms", "product": "payload", "cpe": "cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-frq9-7j6g-v74x", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Mitigation"]}], "published": "2026-04-01T20:16:27.337", "last_modified": "2026-04-13T19:15:38.330", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00071, "epss_percentile": 0.2176, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34591", "description": "Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package artifacts during normal install flows. (Normally, installing a malicious wheel is not sufficient for execution of malicious code. 
Malicious code will only be executed after installation if the malicious package is imported or invoked by the user.). This issue has been patched in version 2.3.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "python-poetry", "product": "poetry", "cpe": "cpe:2.3:a:python-poetry:poetry:*:*:*:*:*:python:*:*"}], "references": [{"url": "http://github.com/python-poetry/poetry/commit/ed59537ac3709cfbdbf95d957de801c13872991a", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/python-poetry/poetry/pull/10792", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/python-poetry/poetry/releases/tag/2.3.3", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-2599-h6xx-hpxp", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-2599-h6xx-hpxp", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-02T18:16:31.163", "last_modified": "2026-04-13T18:38:38.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11573, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35559", "description": "Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a 
threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "amazon", "product": "athena_odbc", "cpe": "cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}, {"url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Patch", "Product"]}], "published": "2026-04-03T21:17:11.900", "last_modified": "2026-04-14T16:14:00.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.17968, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": 
"Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34228", "description": "Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This process does not validate a CSRF token. Therefore, an attacker only needs to trick an authenticated administrator into visiting a malicious link to achieve arbitrary SQL execution and arbitrary file write. This issue has been patched in version 2.6.8.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "emlog", "product": "emlog", "cpe": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*"}], "references": [{"url": "https://github.com/emlog/emlog/commit/4c3b8f3486e2c9caafee38a5eedb3cd16f8c8d6f", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2rcc-jg83-34vp", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:04.100", "last_modified": "2026-04-13T17:38:32.883", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04992, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34787", "description": "Emlog is an open source website 
building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can be bypassed (see potential bypass conditions), an attacker can include arbitrary PHP files from the server filesystem, leading to code execution. At time of publication, there are no publicly available patches.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-98"], "affected_products": [{"vendor": "emlog", "product": "emlog", "cpe": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*"}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-7mvq-qj5x-5phm", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:04.757", "last_modified": "2026-04-13T17:32:52.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18732, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34788", "description": "Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. 
At time of publication, there are no publicly available patches.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [{"vendor": "emlog", "product": "emlog", "cpe": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*"}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-32mg-33qq-p3gf", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.063", "last_modified": "2026-04-13T17:29:51.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07824, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34779", "description": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt. Apps are only affected if they call app.moveToApplicationsFolder(). Apps that do not use this API are not affected. 
This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-78"], "affected_products": [{"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": 
"cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*"}, {"vendor": "electronjs", "product": "electron", "cpe": "cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-04T00:16:19.213", "last_modified": "2026-04-14T18:55:03.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07034, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35173", "description": "Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have permission to edit. By passing internal class properties such as id into the post_attributes payload, an attacker can alter the object being instantiated. As a result, further actions are performed on another user’s post rather than the attacker’s own post, effectively enabling post takeover. 
This vulnerability is fixed in 2026.01.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639", "CWE-914"], "affected_products": [{"vendor": "chyrplite", "product": "chyrp_lite", "cpe": "cpe:2.3:a:chyrplite:chyrp_lite:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/xenocrat/chyrp-lite/security/advisories/GHSA-8c3h-rh2j-fxr9", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T18:16:43.523", "last_modified": "2026-04-14T15:36:44.207", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06999, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1900", "description": "The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [{"vendor": "linkwhisper", "product": "link_whisper", "cpe": "cpe:2.3:a:linkwhisper:link_whisper:*:*:*:*:free:wordpress:*:*"}], "references": [{"url": "https://wpscan.com/vulnerability/dc10b627-7981-4c53-bc9d-e87418f3fcfc/", "source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-07T07:16:23.803", "last_modified": "2026-04-13T19:52:53.183", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09482, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit 
Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33033", "description": "An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-407"], "affected_products": [{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Release Notes"]}, {"url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-04-07T15:17:39.220", "last_modified": "2026-04-13T17:39:05.543", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00133, "epss_percentile": 0.32846, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], 
"ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39482", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a through <= 4.9.4.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/post-expirator/vulnerability/wordpress-post-expirator-plugin-4-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.830", "last_modified": "2026-04-13T20:16:35.097", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39483", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/vk-all-in-one-expansion-unit/vulnerability/wordpress-vk-all-in-one-expansion-unit-plugin-9-113-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.970", "last_modified": "2026-04-13T17:16:30.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39500", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/themesflat-addons-for-elementor/vulnerability/wordpress-themesflat-addons-for-elementor-plugin-2-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:24.230", "last_modified": "2026-04-13T20:16:36.007", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, 
"ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39632", "description": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/grandblog/vulnerability/wordpress-grand-blog-theme-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:33.750", "last_modified": "2026-04-14T15:16:36.430", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39636", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/addons-for-elementor/vulnerability/wordpress-livemesh-addons-for-elementor-plugin-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": 
"audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:34.270", "last_modified": "2026-04-13T20:16:38.627", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39665", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/seo-image/vulnerability/wordpress-seo-friendly-images-plugin-3-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:37.743", "last_modified": "2026-04-13T20:16:39.703", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39703", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 
in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.8.1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wpbits-addons-for-elementor/vulnerability/wordpress-wpbits-addons-for-elementor-page-builder-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:42.950", "last_modified": "2026-04-13T20:16:42.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09683, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27102", "description": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. 
A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.", "cvss_score": 6.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-266"], "affected_products": [{"vendor": "dell", "product": "powerscale_onefs", "cpe": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*"}, {"vendor": "dell", "product": "powerscale_onefs", "cpe": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "source": "security_alert@emc.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T13:16:41.370", "last_modified": "2026-04-13T11:38:11.023", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.01969, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33459", "description": "Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. 
When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-400"], "affected_products": [{"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}, {"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}, {"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://discuss.elastic.co/t/kibana-8-19-14-9-2-8-9-3-3-security-update-esa-2026-26/385814", "source": "security@elastic.co", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T18:26:00.407", "last_modified": "2026-04-13T18:21:25.010", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13858, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-30650", "description": "A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. 
Affected line cards include:\n  *  MPC7, MPC8, MPC9, MPC10, MPC11\n  *  LC2101, LC2103\n  *  LC480, LC4800, LC9600\n  *  MX304 (built-in FPC)\n  *  MX-SPC3\n  *  SRX5K-SPC3\n  *  EX9200-40XS\n\n\n  *  FPC3-PTX-U2, FPC3-PTX-U3\n  *  FPC3-SFF-PTX\n  *  LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects Junos OS: \n\n\n\n  *  all versions before 22.4R3-S8, \n  *  from 23.2 before 23.2R2-S6, \n  *  from 23.4 before 23.4R2-S6, \n  *  from 24.2 before 24.2R2-S3, \n  *  from 24.4 before 24.4R2,\n  *  from 25.2 before 25.2R2.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq", "source": "sirt@juniper.net", "tags": []}, {"url": "https://kb.juniper.net/JSA107863", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-08T19:24:00.440", "last_modified": "2026-04-13T22:16:26.640", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05737, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40037", "description": "OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. 
Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T22:16:24.370", "last_modified": "2026-04-13T20:27:30.960", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09966, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5876", "description": "Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1300", "CWE-1300"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/41485206", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.210", "last_modified": "2026-04-13T17:40:36.747", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10277, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5881", "description": "Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/454162508", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.753", "last_modified": "2026-04-14T20:01:36.043", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05717, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5885", "description": "Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20", "CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485203823", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.167", "last_modified": "2026-04-13T21:17:41.877", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13218, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5888", "description": "Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-457", "CWE-457"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486506202", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.667", "last_modified": "2026-04-13T21:17:24.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08644, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5892", "description": "Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-1268"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/487568011", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.083", "last_modified": "2026-04-14T17:06:16.100", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.1397, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5893", "description": "Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/487768771", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.180", "last_modified": "2026-04-13T21:17:51.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08347, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5901", "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. 
(Chromium security severity: Low)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-602"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/479673903", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.983", "last_modified": "2026-04-13T21:14:24.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.0549, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5903", "description": "Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/483771899", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:30.197", "last_modified": "2026-04-13T21:14:01.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08871, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5905", "description": "Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/483899628", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.397", "last_modified": "2026-04-14T14:51:30.833", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04648, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5919", "description": "Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20", "CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/483423893", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.667", "last_modified": "2026-04-13T18:19:56.910", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.11075, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1101", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-1284"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], "references": [{"url": 
"https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3460228", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:57.667", "last_modified": "2026-04-14T14:05:39.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05412, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34538", "description": "Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role. This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-only.\n\nAirflow uses the FAB Auth Manager to manage access control on a per-resource basis. 
The Viewer role is intended to be read-only by default, and the security model documentation defines Viewer users as those who can inspect DAGs without accessing sensitive execution results.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0 which resolves this issue.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-668"], "affected_products": [], "references": [{"url": "https://github.com/apache/airflow/pull/64415", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/9mq3msqhmgjwdzbr6bgthj4brb3oz9fl", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T10:16:22.407", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.10805, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5959", "description": "A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. 
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 6.6, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://dl.gl-inet.com/kvm/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/786688", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356512", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356512/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T15:16:17.760", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00116, "epss_percentile": 0.30247, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. 
By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-367"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-4878", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "source": "secalert@redhat.com", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/07/14", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/07/4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/08/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T16:16:31.987", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01284, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39943", "description": "Directus is a real-time API and App dashboard for managing SQL database content. 
Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields (including user tokens, two-factor authentication secrets, external auth identifiers, auth data, stored credentials, and AI provider API keys) could be stored in plaintext within revision records. This vulnerability is fixed in 11.17.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-312"], "affected_products": [{"vendor": "monospace", "product": "directus", "cpe": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/directus/directus/releases/tag/v11.17.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-mvv8-v4jj-g47j", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-09T17:16:29.960", "last_modified": "2026-04-14T17:34:15.280", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.13046, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39961", "description": "Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. 
From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and writes the password into a new secret in the attacker's namespace. The operator acts as a confused deputy: its ServiceAccount has cluster-wide secret read/write (aiven-operator-role ClusterRole), and it trusts user-supplied namespace values in spec.connInfoSecretSource.namespace without validation. No admission webhook enforces this boundary — the ServiceUser webhook returns nil, and no ClickhouseUser webhook exists. This vulnerability is fixed in 0.37.0.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-269", "CWE-441"], "affected_products": [], "references": [{"url": "https://github.com/aiven/aiven-operator/commit/032c9ba63257fdd2fddfb7f73f71830e371ff182", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/aiven/aiven-operator/releases/tag/v0.37.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/aiven/aiven-operator/security/advisories/GHSA-99j8-wv67-4c72", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:02.053", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06665, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-34500", "description": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": 
"cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:11.0.0:milestone26:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2", "source": "security@apache.org", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/29", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:25.330", "last_modified": "2026-04-14T12:43:28.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15446, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35577", "description": "Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on localhost without additional authentication or network-level controls, this could potentially allow a malicious website—visited by a user running the server locally—to use DNS rebinding techniques to bypass same-origin policy restrictions and issue requests to the local MCP server. If successfully exploited, this could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. 
This issue is limited to HTTP-based transport modes (StreamableHTTP). It does not affect servers using stdio transport. The practical risk is further reduced in deployments that use authentication, network-level access controls, or are not bound to localhost. This vulnerability is fixed in 1.7.0.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [], "references": [{"url": "https://github.com/apollographql/apollo-mcp-server/pull/602", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/apollographql/apollo-mcp-server/pull/635", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/apollographql/apollo-mcp-server/security/advisories/GHSA-wqrj-vp8w-f8vh", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:25.987", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04093, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-59969", "description": "A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart. 
Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\n\nThis issue affects Junos OS Evolved PTX Series:\n\n\n\n  *  All versions before 22.4R3-S8-EVO,\n  *  from 23.2 before 23.2R2-S5-EVO,\n  *  from 23.4 before 23.4R2-EVO,\n  *  from 24.2 before 24.2R2-EVO,\n  *  from 24.4 before 24.4R2-EVO.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  22.2-EVO version before 22.2R3-S7-EVO,\n  *  22.4-EVO version before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO, \n  *  24.2-EVO versions before 24.2R2-S1-EVO,\n  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-120"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA103159", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:24.100", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03285, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21915", "description": "A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.\n\nThe CLI menu accepts input without 
carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.\n\nThis issue affects all JSI vLWC versions before 3.0.94.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-183"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA106016", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:24.747", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09509, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21919", "description": "An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.\n\nWhen NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. 
This leads to the inability to manage the device and requires a power-cycle to recover.\n\nThis issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive':\n\nuser@host> show system processes extensive | match mgd\n<pid> root         20    0   501M  4640K lockf    1   0:01   0.00% mgd\n\n\nIf the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell. \n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S3, 24.4R2;\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1;\n\n\n\nJunos OS Evolved:\n\n  *  23.4 versions before 23.4R2-S5-EVO,\n  *  24.2 versions before 24.2R2-S1-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions before 23.4R1-EVO;", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-821"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA106019", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:25.173", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10474, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33774", "description": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the 
packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device.\n\nOn MX platforms with \n\nMPC10, MPC11, LC4800 or LC9600\n\nline cards, and MX304, firewall filters applied on a loopback interface lo0.n (where n is a non-0 number) don't get executed when lo0.n is in the global VRF / default routing-instance.\n\n An affected configuration would be:\n\nuser@host# show configuration interfaces lo0 | display set\nset interfaces lo0 unit 1 family inet filter input <filter-name>\n\nwhere a firewall filter is applied to a non-0 loopback interface, but that loopback interface is not referred to in any routing-instance (RI) configuration, which implies that it's used in the default RI.\n\nThe issue can be observed with the CLI command:\n\nuser@device> show firewall counter filter <filter_name> \n\nnot showing any matches.\n\nThis issue affects Junos OS on MX Series:\n\n  *  all versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107865", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:25.803", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07701, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33775", "description": "A Missing Release of Memory after 
Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory \n\navailable to bbe-smgd has been consumed, no new subscribers will be able to login.\n\nThe memory utilization of bbe-smgd can be monitored with the following show command:\n\nuser@host> show system processes extensive | match bbe-smgd\n\nThe below log message can be observed when this limit has been reached:\n\nbbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion\n\n\nThis issue affects Junos OS on MX Series:\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2,\n  *  25.2 versions before 25.2R2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-401"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107821", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:26.020", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06392, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33779", "description": "An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a 
PITM to intercept the communication of the device and get access to confidential information and potentially modify it.\n\nWhen an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information.\n\nThis issue affects Junos OS:\n  *  all versions before 22.4R3-S9,\n  *  23.2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R1-S2, 25.2R2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-296"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107823", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:26.720", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33780", "description": "A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. 
Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device> show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  all versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S5-EVO,\n  *  23.2 versions before 23.2R2-S3-EVO,\n  *  23.4 versions before 23.4R2-S4-EVO,\n  *  24.2 versions before 24.2R2-EVO.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-401"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107819", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:26.960", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03765, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33781", "description": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, 
receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n  *  24.4 releases before 24.4R2,\n  *  25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107869", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:27.193", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03297, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33782", "description": "A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).\n\nIn a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. 
When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.\n\nThe memory usage of jdhcpd can be monitored with:\n\nuser@host> show system processes extensive | match jdhcpd\n\n\n\nThis issue affects Junos OS:\n\n  *  all versions before 22.4R3-S1,\n  *  23.2 versions before 23.2R2,\n  *  23.4 versions before 23.4R2.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-401"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107820", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:27.393", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33783", "description": "A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).\n\n\nIf colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). 
The issue is not reproducible when SRTE policy tunnels are statically configured.\n\n\nThis issue affects Junos OS Evolved on PTX Series: \n\n\n\n  *  all versions before 22.4R3-S9-EVO,\n  *  23.2 versions before 23.2R2-S6-EVO,\n  *  23.4 versions before 23.4R2-S7-EVO,\n  *  24.2 versions before 24.2R2-S4-EVO,\n  *  24.4 versions before 24.4R2-S2-EVO,\n  *  25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-686"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107870", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:27.590", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.13949, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33791", "description": "An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.\n\nCertain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. 
These shell commands are executed as root, potentially allowing for complete control of the vulnerable system.\nThis issue affects:\n\nJunos OS: \n\n\n\n  *  all versions before 22.4R3-S8, \n  *  from 23.2 before 23.2R2-S5, \n  *  from 23.4 before 23.4R2-S7, \n  *  from 24.2 before 24.2R2-S2, \n  *  from 24.4 before 24.4R2, \n  *  from 25.2 before 25.2R2; \n\n\n\n\nJunos OS Evolved: \n\n\n\n  *  all versions before 22.4R3-S8-EVO, \n  *  from 23.2 before 23.2R2-S5-EVO, \n  *  from 23.4 before 23.4R2-S7-EVO, \n  *  from 24.2 before 24.2R2-S2-EVO, \n  *  from 24.4 before 24.4R2-EVO, \n  *  from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107875", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:29.047", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12443, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35618", "description": "OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. 
The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-294"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:30.143", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07893, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35627", "description": "OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. 
Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-696"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:31.240", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00082, "epss_percentile": 0.24048, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35631", "description": "OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. 
Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/229426a257e49694a59fa4e3895861d02a4d767f", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-enforcement-in-internal-acp-chat-commands", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:31.790", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07341, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35636", "description": "OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. 
Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-696"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:32.750", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08109, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35644", "description": "OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. 
Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-312"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-credential-exposure-via-baseurl-fields-in-gateway-snapshots", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:33.873", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06809, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39848", "description": "Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. 
This vulnerability is fixed in 1.1.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:34.407", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09622, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40148", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim's disk when pulled via LocalRegistry.pull() or HttpRegistry.pull(). 
This vulnerability is fixed in 4.5.128.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-409"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:35.600", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09836, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14545", "description": "The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://wpscan.com/vulnerability/9bb1a4ca-976c-461d-82de-8a3b04a56fbc/", "source": "contact@wpscan.com", "tags": []}], "published": "2026-04-10T07:16:19.607", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00079, "epss_percentile": 0.23402, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4432", "description": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX 
handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/", "source": "contact@wpscan.com", "tags": []}], "published": "2026-04-10T07:16:21.237", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10541, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2021-47960", "description": "A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. 
By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-552"], "affected_products": [], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_26_05", "source": "security@synology.com", "tags": []}], "published": "2026-04-10T10:16:02.853", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07889, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6068", "description": "NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/222", "source": "cret@cert.org", "tags": []}], "published": "2026-04-10T14:16:38.723", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07701, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 
19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35594", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or downgrades its permissions, all previously issued JWTs continue to grant the original permission level for up to 72 hours (the default service.jwtttl). This vulnerability is fixed in 2.3.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-613"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/379d8a5c19334ffe4846003f590e202c31a75479", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2581", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-96q5-xm3p-7m84", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-96q5-xm3p-7m84", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T16:16:32.000", "last_modified": "2026-04-14T15:16:29.387", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11202, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-40224", "description": "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:33.113", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01622, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35599", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an O(n) loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming CPU and holding a database connection for minutes per request. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-407"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/6df0d6c8f54b01db6464c42810e40e55f12b481b", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2577", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-r4fg-73rc-hhh7", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:03.520", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12357, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35621", "description": "OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. 
Attackers can exploit chat.send to build an internal command-authorized context and persist channel allowFrom and groupAllowFrom policy changes reserved for operator.admin scope.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-94pw-c6m8-p9p9", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:04.520", "last_modified": "2026-04-13T20:14:25.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08232, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35649", "description": "OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. 
The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access control denials and restoring previously revoked permissions.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-183"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-settings-reconciliation-bypass-via-empty-allowlist", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.437", "last_modified": "2026-04-13T20:46:37.303", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06179, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35652", "description": "OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. 
Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-696"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.987", "last_modified": "2026-04-13T21:06:31.013", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13281, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35656", "description": "OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. 
Remote attackers can inject forged forwarding headers to bypass canvas authentication and rate-limiting protections by masquerading as loopback clients.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-290"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:06.733", "last_modified": "2026-04-13T21:07:56.597", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00131, "epss_percentile": 0.32548, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35657", "description": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. 
Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-http-session-history-route", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:06.913", "last_modified": "2026-04-13T21:08:02.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06137, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35658", "description": "OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. 
Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-668"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/14baadda2c456f3cf749f1f97e8678746a34a7f4", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cfp9-w5v9-3q4h", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-filesystem-boundary-bypass-in-image-tool", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:07.090", "last_modified": "2026-04-13T20:31:46.713", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09524, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33141", "description": "Chamilo LMS is a learning management system. 
Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress, certificates, and gradebook scores for any course, without enrollment or supervisory relationship. This vulnerability is fixed in 2.0.0-RC.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639", "CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/792ba05953470ca971617fe2674ed14c1479fa80", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-j2pr-2r5w-jrpj", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:42.743", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03844, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27460", "description": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or significantly degrade its performance by uploading a large size ZIP file (ZIP Bomb). 
This vulnerability is fixed in 2.6.5.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-409"], "affected_products": [{"vendor": "tandoor", "product": "recipes", "cpe": "cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-w8pq-4pwf-r2m8", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-w8pq-4pwf-r2m8", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-10T19:16:21.427", "last_modified": "2026-04-14T17:29:17.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11798, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33708", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. 
This vulnerability is fixed in 1.11.38.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/4a119f93abbfba6fe833580f2463c8d4afa500c2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-qwch-82q9-q999", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:24.107", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33736", "description": "Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. 
This vulnerability is fixed in 2.0.0-RC.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/1739371ce1c562c007c7f5d53e6d65b7a4ff4109", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-fp2p-fj6c-x3x9", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:24.410", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07905, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40199", "description": "Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.\n\n_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.\n\nThe wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). 
This can cause find() to incorrectly match or miss addresses.\n\nExample:\n\n  my $cidr = Net::CIDR::Lite->new(\"::ffff:192.168.1.0/120\");\n  $cidr->find(\"::ffff:192.168.2.0\");  # incorrectly returns true\n\nThis is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).\n\nSee also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-130"], "affected_products": [], "references": [{"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04a.patch", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-40198", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}], "published": "2026-04-10T22:16:21.597", "last_modified": "2026-04-13T15:17:35.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07592, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3689", "description": "OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the path parameters provided to the canvas gateway endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. 
An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-29312.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jq4x-98m3-ggq6", "source": "zdi-disclosures@trendmicro.com", "tags": []}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-227/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:15.837", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00276, "epss_percentile": 0.51021, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5207", "description": "The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated attackers, with Instructor-level access and above who have the edit_post capability on the quiz, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/lifterlms/trunk/includes/admin/reporting/tables/llms.table.quiz.non.attempts.php#L190", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/lifterlms/trunk/includes/admin/reporting/tables/llms.table.quiz.non.attempts.php#L240", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/lifterlms/trunk/includes/class.llms.ajax.handler.php#L243", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3495818/lifterlms/trunk/includes/admin/reporting/tables/llms.table.quiz.non.attempts.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d31d1e-0f4f-4f51-8274-650151642d03?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.800", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07436, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23900", "description": "Various stored XSS 
vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://phoca.cz/", "source": "security@joomla.org", "tags": []}], "published": "2026-04-11T14:16:03.377", "last_modified": "2026-04-13T18:16:28.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08133, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25206", "description": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.540", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02102, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2026-25209", "description": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.927", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12511, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34863", "description": "Out-of-bounds write vulnerability in the file system.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:04.250", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": 
{"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34864", "description": "Boundary-unlimited vulnerability in the application read module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-119"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:04.550", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00396, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35553", "description": "Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. 
An attacker may execute arbitrary code by modifying certain registry values.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/", "source": "vultures@jpcert.or.jp", "tags": []}, {"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-001/", "source": "vultures@jpcert.or.jp", "tags": []}, {"url": "https://jvn.jp/en/vu/JVNVU96334293/", "source": "vultures@jpcert.or.jp", "tags": []}], "published": "2026-04-13T05:16:04.693", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01665, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21007", "description": "Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [{"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": 
"samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.190", "last_modified": "2026-04-13T18:38:21.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05899, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21008", "description": "Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", 
"cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": 
"samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.360", "last_modified": "2026-04-13T18:38:06.243", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02433, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21010", "description": "Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.", "cvss_score": 6.6, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", 
"product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.613", "last_modified": "2026-04-13T18:14:08.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05164, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21011", "description": "Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-732"], "affected_products": [{"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": 
"samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": 
"samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.740", "last_modified": "2026-04-13T18:15:06.447", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05721, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-15441", "description": "The Form Maker by 10Web  WordPress plugin before 1.15.38 does not properly prepare SQL queries when the \"MySQL Mapping\" feature is in use, which could make SQL Injection attacks possible in certain contexts.", "cvss_score": 6.8, "cvss_vector": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/", "source": "contact@wpscan.com", "tags": []}], "published": "2026-04-13T07:16:07.213", "last_modified": "2026-04-13T16:16:23.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-31991", "description": "Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.  
This vulnerability is fixed in 5.1.7.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138", "source": "psirt@hcl.com", "tags": []}], "published": "2026-04-13T16:16:24.110", "last_modified": "2026-04-13T16:16:24.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06582, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3756", "description": "A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. \n\n\n\n\nThe System 800xA IEC61850 Connect is not affected. 
Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.\n\n   \n\n\n\nThis issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-1284"], "affected_products": [], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@ch.abb.com", "tags": []}], "published": "2026-04-13T18:16:27.887", "last_modified": "2026-04-13T18:16:27.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40039", "description": "Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. 
Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-305"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-open-redirection-via-return-to-parameter", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5981.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:51.447", "last_modified": "2026-04-13T19:16:51.447", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.08977, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40043", "description": "Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. 
Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-authentication-bypass-via-runswitchuser", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5985.php", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/#/advisories/ZSL-2026-5985", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T19:16:52.140", "last_modified": "2026-04-13T21:16:29.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22122, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27677", "description": "Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. 
This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3715097", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:06.130", "last_modified": "2026-04-14T00:16:06.130", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27678", "description": "Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. 
This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3715177", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:06.270", "last_modified": "2026-04-14T00:16:06.270", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27679", "description": "Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. 
This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3716767", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:06.413", "last_modified": "2026-04-14T00:16:06.413", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34261", "description": "Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. 
This vulnerability affects confidentiality, with no impact on integrity and availability.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3705094", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T01:16:03.897", "last_modified": "2026-04-14T01:16:03.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06149, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34264", "description": "During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. 
This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-204"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3680767", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T01:16:04.200", "last_modified": "2026-04-14T01:16:04.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08605, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2582", "description": "The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. 
This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L214", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L982", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6837ad-576f-4c25-9540-6144ddc8630e?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T07:16:06.993", "last_modified": "2026-04-14T07:16:06.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00086, "epss_percentile": 0.2477, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-53847", "description": "A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": 
"https://fortiguard.fortinet.com/psirt/FG-IR-26-125", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:30.890", "last_modified": "2026-04-14T16:16:30.890", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22155", "description": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-319"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:36.267", "last_modified": "2026-04-14T16:16:36.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22573", "description": "An improper 
limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a path traversal attack via File Content Extraction actions.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:36.550", "last_modified": "2026-04-14T16:16:36.550", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25691", "description": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": 
"https://fortiguard.fortinet.com/psirt/FG-IR-26-115", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:37.623", "last_modified": "2026-04-14T16:16:37.623", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39809", "description": "A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-102", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.017", "last_modified": "2026-04-14T18:17:38.883", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39814", "description": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, 
FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow an attacker to execute unauthorized code or commands via an unspecified attack vector", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-23"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.850", "last_modified": "2026-04-14T16:16:45.850", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0390", "description": "Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:42.237", "last_modified": "2026-04-14T18:16:42.237", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26155", "description": 
"Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-126"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26155", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:47.277", "last_modified": "2026-04-14T18:16:47.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27925", "description": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27925", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:03.220", "last_modified": "2026-04-14T18:17:03.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32151", "description": "Exposure of 
sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.", "cvss_score": 6.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32151", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:15.373", "last_modified": "2026-04-14T18:17:15.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 19.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32167", "description": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:19.417", "last_modified": "2026-04-14T18:17:19.417", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32176", "description": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.", "cvss_score": 6.7, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:20.013", "last_modified": "2026-04-14T18:17:20.013", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32223", "description": "Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.", "cvss_score": 6.8, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32223", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:30.490", "last_modified": "2026-04-14T18:17:30.490", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation 
for Client Execution", "tactic": "Execution"}], "ats_score": 20, "ats_level": "LOW", "ats_breakdown": {"severity": 20.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-2830", "description": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-15T15:16:08.957", "last_modified": "2026-04-13T15:16:55.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00224, "epss_percentile": 0.45081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 
18.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3522", "description": "Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to  determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-15T15:16:09.877", "last_modified": "2026-04-13T15:16:57.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0023, "epss_percentile": 0.45848, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2025-3523", "description": "When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-15T15:16:09.957", "last_modified": "2026-04-13T15:16:57.847", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00244, "epss_percentile": 0.47695, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10536", "description": "Information disclosure in the Networking: Cache component. 
This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-09-16T13:15:48.950", "last_modified": "2026-04-13T15:16:37.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.0557, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": 
"Data from Local System", "tactic": "Collection"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3778", "description": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-674"], "affected_products": [{"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}], "references": [{"url": 
"https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}], "published": "2026-04-01T02:16:02.897", "last_modified": "2026-04-14T17:50:53.873", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04087, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20050", "description": "NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mcafee", "product": "netschedscan", "cpe": "cpe:2.3:a:mcafee:netschedscan:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/39242", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/netschedscan-buffer-overflow-denial-of-service", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-04T14:16:16.317", "last_modified": "2026-04-14T19:03:37.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", 
"tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31053", "description": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-415"], "affected_products": [{"vendor": "rizin", "product": "rizin", "cpe": "cpe:2.3:a:rizin:rizin:0.8.1:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/rizinorg/rizin/issues/5753", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://github.com/rizinorg/rizin/pull/5795", "source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"]}], "published": "2026-04-06T15:17:07.953", "last_modified": "2026-04-14T19:12:31.837", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04051, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34371", "description": "LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. 
On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "librechat", "product": "librechat", "cpe": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-07T22:16:22.227", "last_modified": "2026-04-14T19:24:03.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12334, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32282", "description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. 
The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763761", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78293", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4864", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.467", "last_modified": "2026-04-13T19:16:39.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, "epss_percentile": 0.00773, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39488", "description": "Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/surecart/vulnerability/wordpress-surecart-plugin-4-0-2-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": 
[]}], "published": "2026-04-08T09:16:23.670", "last_modified": "2026-04-13T19:16:43.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11232, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39630", "description": "Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/getty-images/vulnerability/wordpress-getty-images-plugin-4-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:33.473", "last_modified": "2026-04-14T15:16:36.190", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39651", "description": "Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue 
affects Total Poll Lite: from n/a through <= 4.12.0.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/totalpoll-lite/vulnerability/wordpress-total-poll-lite-plugin-4-12-0-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:36.193", "last_modified": "2026-04-13T19:16:47.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11232, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33458", "description": "Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. 
An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "elastic", "product": "kibana", "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-28/385815", "source": "security@elastic.co", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T18:26:00.267", "last_modified": "2026-04-13T11:30:33.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15373, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5711", "description": "The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/bnm-blocks/tags/1.3.0/src/blocks/posts/slider/view.php#L237", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bnm-blocks/tags/1.3.1/src/blocks/posts/slider/view.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bnm-blocks/trunk/src/blocks/posts/slider/view.php#L237", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3500959%40bnm-blocks%2Ftrunk&old=3456918%40bnm-blocks%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aeada6dc-0851-45e8-ada9-ff0427b7f17a?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-08T22:16:24.543", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.1064, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5823", "description": "A weakness has been identified in itsourcecode Construction Management System 1.0. 
Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/ltranquility/cve_submit/issues/14", "source": "cna@vuldb.com", "tags": []}, {"url": "https://itsourcecode.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788299", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356270", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356270/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T00:16:21.087", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08909, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5831", "description": "A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in OS command injection. The attack can be carried out remotely. Upgrading to version 2.1.9 will fix this issue. The patch is named c1550b445b9f24f38c4414e9a545f5f79f23a0fe. Upgrading the affected component is recommended. 
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/Agions/taskflow-ai/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Agions/taskflow-ai/commit/c1550b445b9f24f38c4414e9a545f5f79f23a0fe", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Agions/taskflow-ai/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Agions/taskflow-ai/releases/tag/v2.1.9", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789515", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356278", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356278/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T02:16:18.110", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00924, "epss_percentile": 0.76004, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4429", "description": "The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attributes of the [osm_map_v3] shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/osm/tags/6.1.15/osm-icon-class.php#L347", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/tags/6.1.15/osm-icon-class.php#L356", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/tags/6.1.15/osm_map_v3/osm-sc-osm_map_v3.php#L31", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/tags/6.1.15/osm_map_v3/osm-sc-osm_map_v3.php#L560", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/trunk/osm-icon-class.php#L347", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/trunk/osm-icon-class.php#L356", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/trunk/osm_map_v3/osm-sc-osm_map_v3.php#L31", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/osm/trunk/osm_map_v3/osm-sc-osm_map_v3.php#L560", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3493950%40osm&new=3493950%40osm&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65dffde9-2a50-41fe-bc21-3d0915068887?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T04:17:14.640", "last_modified": "2026-04-13T15:02:47.353", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17588, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5357", "description": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute. The sid parameter is extracted without sanitization in the members() function and stored via update_post_meta(), then echoed directly into an HTML id attribute in the members.php template without applying esc_attr(). 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.51/src/User/User.php#L175", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.51/src/User/views/members.php#L10", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/User.php#L175", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/members.php#L10", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3501300%40download-manager&new=3501300%40download-manager&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27fc81b0-c03a-4de7-bc38-791401d1685b?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T04:17:14.810", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10551, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4336", "description": "The 
Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode() on post_content during rendering in the set_display_variables() function (View.FAQ.class.php, line 746), which converts HTML entity-encoded payloads back into executable HTML, combined with insufficient output escaping in the faq-answer.php template where the decoded content is echoed without wp_kses_post() or any other sanitization. The ufaq custom post type is registered with 'show_in_rest' => true and defaults to 'post' capability_type, allowing Author-level users to create and publish FAQs via the REST API. An Author can submit entity-encoded malicious HTML (e.g., &lt;img src=x onerror=alert()&gt;) which bypasses WordPress's kses sanitization at save time (since kses sees entities as plain text, not tags), but is then decoded back into executable HTML by html_entity_decode() at render time. 
This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in FAQ pages that will execute whenever a user accesses an injected FAQ, either directly or via the [ultimate-faqs] shortcode.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/tags/2.4.7/ewd-ufaq-templates/faq-answer.php#L2", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/tags/2.4.7/includes/CustomPostTypes.class.php#L84", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/tags/2.4.7/views/View.FAQ.class.php#L746", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/trunk/ewd-ufaq-templates/faq-answer.php#L2", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/trunk/includes/CustomPostTypes.class.php#L84", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-faqs/trunk/views/View.FAQ.class.php#L746", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3492083%40ultimate-faqs&new=3492083%40ultimate-faqs&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac3ac02-d496-46cb-9aff-ffeeb8fd80fa?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T05:16:04.910", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12768, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5742", "description": "The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts that will execute whenever a user accesses a page containing the affected badge widget.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/includes/class-forms.php#L1963", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/includes/helpers/pages.php#L392-L540", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/includes/helpers/pages.php#L522-L527", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/vendor/ayecode/wp-ayecode-ui/includes/components/class-aui-component-button.php#L53", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/class-forms.php#L1963", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/helpers/pages.php#L392-L540", "source": 
"security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/helpers/pages.php#L522-L527", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/vendor/ayecode/wp-ayecode-ui/includes/components/class-aui-component-button.php#L53", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3501691%40userswp&new=3501691%40userswp&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdb619c5-967c-4b8c-8a93-bcdb49137d56?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T05:16:05.327", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00056, "epss_percentile": 0.17588, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3005", "description": "The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/list-category-posts/trunk/include/lcp-thumbnail.php#L95", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3482733/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a93ff8a-364f-4ec4-9c32-208c7a3e1fc1?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T13:16:43.980", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08003, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40115", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default (no token configured), any local process can send arbitrarily large POST requests to exhaust server memory and cause a denial of service. The Starlette-based server (serve.py) has RequestSizeLimitMiddleware with a 10MB limit, but the WSGI server lacks any equivalent protection. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xgv-5cv2-47vv", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xgv-5cv2-47vv", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:35.143", "last_modified": "2026-04-13T16:16:31.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05263, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40117", "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. Unlike file_tools.read_file which enforces workspace boundary confinement, and unlike run_skill_script which requires critical-level approval, read_skill_file has neither protection. An agent influenced by prompt injection can exfiltrate sensitive files without triggering any approval prompt. 
This vulnerability is fixed in 1.5.128.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-grrg-5cg9-58pf", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:35.447", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04085, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1263", "description": "The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'webling_admin_save_form' and 'webling_admin_save_memberlist' functions. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject Webling forms and memberlists with arbitrary web scripts that will execute whenever an administrator views the related form or memberlist area of the WordPress admin.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/webling/tags/3.9.0/src/admin/actions/save_form.php#L2", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/webling/tags/3.9.0/src/admin/actions/save_memberlist.php#L2", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/webling/tags/3.9.0/src/admin/lists/Form_List.php#L122", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/webling/tags/3.9.0/src/admin/lists/Memberlist_List.php#L115", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwebling/tags/3.9.0&new_path=%2Fwebling/tags/3.9.1", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd8fbe0d-0709-4fa2-9294-393ddcd05b22?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:02.083", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10551, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-5999", "description": "A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-266", "CWE-285"], "affected_products": [], "references": [{"url": "https://github.com/jeecgboot/JeecgBoot/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/jeecgboot/JeecgBoot/issues/9508", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/jeecgboot/JeecgBoot/issues/9508#issuecomment-4199090102", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793656", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356553", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356553/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T03:16:04.053", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.12853, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2305", "description": "The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions up to, and including, 2.3. 
This is due to the plugin outputting these meta values without any sanitization or escaping. While the plugin restricts its own metabox and save handler to administrators via `current_user_can('manage_options')`, it does not use `register_meta()` with an `auth_callback` to protect these meta keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via the WordPress Custom Fields interface that execute when an administrator previews or views the post.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L63", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L74", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L85", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L63", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L74", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L85", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Faddfunc-head-footer-code/tags/2.3&new_path=%2Faddfunc-head-footer-code/tags/2.4", "source": "security@wordfence.com", "tags": []}, {"url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2d1a67-1d9b-4b73-988e-085eaa7474c6?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T04:16:59.690", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12768, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6005", "description": "A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. 
The exploit has been published and may be used.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1768161086/SQL_CVE_1.0/blob/main/sql_cve.pdf", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794536", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356561", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356561/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T04:17:17.657", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6006", "description": "A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1768161086/SQL_CVE_1.2/blob/main/sql_cve.pdf", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794542", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356562", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356562/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T04:17:23.420", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6007", "description": "A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. 
The exploit has been made public and could be used.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/ltranquility/submit/issues/8", "source": "cna@vuldb.com", "tags": []}, {"url": "https://itsourcecode.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794604", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356563", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356563/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T04:17:23.643", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6010", "description": "A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://codeastro.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/xue-p123/vuldb-research/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794658", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356566", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356566/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T04:17:25.640", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6030", "description": "A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. 
The exploit has been published and may be used.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/ltranquility/submit/issues/9", "source": "cna@vuldb.com", "tags": []}, {"url": "https://itsourcecode.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795444", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356606", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356606/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T07:16:22.207", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6033", "description": "A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://codeastro.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/yuji0903/silver-guide/issues/17", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795773", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356609", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356609/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T08:16:26.690", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40225", "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-669"], "affected_products": [], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:33.287", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05138, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40226", "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-348"], "affected_products": [], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:33.447", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00371, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40227", "description": "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-1025"], "affected_products": [{"vendor": "systemd_project", "product": "systemd", "cpe": "cpe:2.3:a:systemd_project:systemd:260:-:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}], "published": "2026-04-10T16:16:33.607", "last_modified": "2026-04-14T19:41:59.977", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, 
"epss_percentile": 0.04332, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3498", "description": "The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/blockart-blocks/tags/2.2.15/includes/BlockTypes/PostTemplate.php#L67", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/blockart-blocks/tags/2.2.15/includes/BlockTypes/QueryLoop.php#L43", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fblockart-blocks/tags/2.2.15&new_path=%2Fblockart-blocks/tags/2.3.0", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d0cb432-785a-4f38-830f-72b95e65aa5a?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.117", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": 
"Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4895", "description": "The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9. This is due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The function uses str_replace() to insert 'fetchpriority=\"high\"' before 'src=' attributes when processing greenshift-blocks/image blocks with the disablelazy attribute enabled. Because this replacement operates on the entire HTML string without parsing, contributors can inject the string 'src=' into HTML attribute values (such as class attributes). When the str_replace executes, the double quotes in the replacement string break out of the attribute context, allowing injection of malicious HTML attributes like onfocus with JavaScript payloads. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/12.8.6/init.php#L866", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/12.8.6/init.php#L889", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/init.php#L866", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/init.php#L889", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3494855/greenshift-animation-and-page-builder-blocks/trunk/init.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fgreenshift-animation-and-page-builder-blocks/tags/12.8.9&new_path=%2Fgreenshift-animation-and-page-builder-blocks/tags/12.9.0", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e3ae3c6-a7d1-46f0-a006-996c1fbe7c7e?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.270", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10423, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by 
Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6108", "description": "A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/AnalogyC0de/public_exp/issues/30", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/782279", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356968", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356968/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T01:16:16.807", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00201, "epss_percentile": 0.42244, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6111", "description": "A security flaw has been 
discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1934", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1941", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791762", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356971", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356971/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T03:16:08.827", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.12853, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6117", "description": "A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. 
The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-264", "CWE-265"], "affected_products": [], "references": [{"url": "https://github.com/AstrBotDevs/AstrBot/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AstrBotDevs/AstrBot/issues/7168", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792653", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356977", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356977/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T05:16:01.287", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11645, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6118", "description": "A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-77"], "affected_products": [], "references": [{"url": "https://github.com/AstrBotDevs/AstrBot/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AstrBotDevs/AstrBot/issues/7169", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792655", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356978", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356978/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T05:16:01.560", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00856, "epss_percentile": 0.74972, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6119", "description": "A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/AstrBotDevs/AstrBot/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AstrBotDevs/AstrBot/issues/7171", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792661", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356979", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356979/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T06:16:21.927", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01634, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6125", "description": "A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-94"], "affected_products": [], "references": [{"url": "https://gitee.com/dromara/warm-flow/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://gitee.com/dromara/warm-flow/issues/IHURVQ", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793322", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356989", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356989/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T10:16:01.277", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13243, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25711", "description": "SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. 
Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46088", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/spotftp-password-recover-denial-of-service-via-name-field", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:34.300", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05285, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25712", "description": "BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. 
Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46087", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/blueauditor-buffer-overflow-denial-of-service-via-registration-key", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:34.457", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02068, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25204", "description": "Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort.\n\nThis issue affects escargot prior to commit hash \n\n97e8115ab1110bc502b4b5e4a0c689a71520d335", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-502", "CWE-843"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T01:16:35.313", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 
0.02435, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6141", "description": "A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 14322e87e58bf585cf3c7b9295578a6eb7dc4945. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-77", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/danielmiessler/Personal_AI_Infrastructure/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/danielmiessler/Personal_AI_Infrastructure/commit/14322e87e58bf585cf3c7b9295578a6eb7dc4945", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659#issuecomment-3905020094", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793438", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357005", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357005/cti", "source": "cna@vuldb.com", "tags": []}], "published": 
"2026-04-13T01:16:35.890", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00734, "epss_percentile": 0.7275, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6143", "description": "A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-346", "CWE-942"], "affected_products": [], "references": [{"url": "https://github.com/farion1231/cc-switch/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/farion1231/cc-switch/issues/1841", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/farion1231/cc-switch/pull/1915", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796145", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357007", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357007/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T02:16:04.783", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05558, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34861", "description": "Race condition vulnerability in the thermal management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.953", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00241, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34862", "description": "Race condition vulnerability in the power consumption statistics module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": 
"psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:04.100", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00241, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29628", "description": "A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/kiyochii/CVE-2026-29628", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/kiyochii/tinyobjloader/commit/386b73bb8c1a855236beb73b11f45f7feac4e03a", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:19.673", "last_modified": "2026-04-13T20:16:32.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02068, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6190", "description": "A vulnerability was found in itsourcecode Construction Management System 1.0. 
The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/ltranquility/cve_submit/issues/15", "source": "cna@vuldb.com", "tags": []}, {"url": "https://itsourcecode.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797383", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357112", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357112/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T17:16:31.903", "last_modified": "2026-04-13T17:16:31.903", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6191", "description": "A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. 
The exploit has been publicly disclosed and may be utilized.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/ltranquility/cve_submit/issues/16", "source": "cna@vuldb.com", "tags": []}, {"url": "https://itsourcecode.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797384", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357113", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357113/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T17:16:32.137", "last_modified": "2026-04-13T17:16:32.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6202", "description": "A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Learner636/CVE-smbmit/issues/6", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797629", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357124", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357124/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T20:16:47.523", "last_modified": "2026-04-13T20:16:47.523", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07873, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6215", "description": "A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://vuldb.com/submit/785836", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357134", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357134/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T20:16:47.723", "last_modified": "2026-04-13T20:16:47.723", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.08994, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33947", "description": "jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON document containing a flat array of ~65,000 integers (~200 KB) that, when used as a path argument by a trusted jq filter, exhausts the C call stack and crashes the process with a segmentation fault (SIGSEGV). This bypass works because the existing MAX_PARSING_DEPTH (10,000) limit only protects the JSON parser, not runtime path operations where arrays can be programmatically constructed to arbitrary lengths. 
The impact is denial of service (unrecoverable crash) affecting any application or service that processes untrusted JSON input through jq's setpath, getpath, or delpaths builtins. This issue has been addressed in commit fb59f1491058d58bdc3e8dd28f1773d1ac690a1f.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-674"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/fb59f1491058d58bdc3e8dd28f1773d1ac690a1f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T22:16:29.157", "last_modified": "2026-04-14T15:16:28.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02068, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40169", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. 
This issue has been fixed in version 7.1.2-19.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:29.477", "last_modified": "2026-04-13T22:16:29.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40312", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off-by-one error in the MSL decoder could result in a crash when a malicious MSL file is read. 
This issue has been fixed in version 7.1.2-19.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-193"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:30.113", "last_modified": "2026-04-13T22:16:30.113", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39420", "description": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop the sandbox.so hook, leading to unrestricted Remote Code Execution (RCE) and network access. MaxKB restricts untrusted Python code execution via the Tool Debug API by injecting sandbox.so through the LD_PRELOAD environment variable. This intercepts sensitive C library functions (like execve, socket, open) to restrict network and file access. 
However, a patch allowed the /usr/bin/env utility to be executed by the sandboxed user. When an attacker is permitted to create subprocesses, they can execute the env -i python command. The -i flag instructs env to completely clear all environment variables before running the target program. This effectively drops the LD_PRELOAD environment variable. The newly spawned Python process will therefore execute natively without any sandbox hooks, bypassing all network and file system restrictions. This issue has been fixed in version 2.8.0.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-78", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/2d17b08e6b060329803754a05e806d0ddecf3fa8", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-7wgv-v2r3-7f7w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T01:16:04.530", "last_modified": "2026-04-14T01:16:04.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00153, "epss_percentile": 0.3598, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39421", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. 
By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution via direct kernel system calls, enabling full network exfiltration and container compromise. The library intercepts critical standard system functions such as execve, system, connect, and open. It also intercepts mprotect to prevent PROT_EXEC (executable memory) allocations within the sandboxed Python processes, but pkey_mprotect is not blocked. This issue has been fixed in version 2.8.0.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-94", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/479701a4d2e6059506bad0057a66bed91abb5aef", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9c6w-j7w5-3gf7", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T01:16:04.690", "last_modified": "2026-04-14T01:16:04.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00074, "epss_percentile": 0.22304, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1607", "description": "The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and 
including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/surbma-bookingcom-shortcode/tags/2.0/surbma-bookingcom-shortcode.php#L34", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01280afb-4745-4f36-823e-ed794bb3353a?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T04:17:00.163", "last_modified": "2026-04-14T04:17:00.163", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4059", "description": "The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode attributes. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "cvss_score": 6.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.4/includes/modules/quickview/includes/classes/Frontend/Shortcode.php#L61", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.4/includes/modules/quickview/includes/templates/quickview-button.php#L1", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/includes/modules/quickview/includes/classes/Frontend/Shortcode.php#L61", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3493664/woolentor-addons/trunk/includes/modules/quickview/includes/classes/Frontend/Shortcode.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwoolentor-addons/tags/3.3.5&new_path=%2Fwoolentor-addons/tags/3.3.6", "source": "security@wordfence.com", "tags": []}, {"url": "https://ti.wordfence.io/vendors/patch/1796/download", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf0b13e-154c-4007-bfc2-5346d906f7ca?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T04:17:18.137", "last_modified": "2026-04-14T04:17:18.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10551, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by 
Compromise", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 19.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34626", "description": "Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 6.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1321"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:51.283", "last_modified": "2026-04-14T17:16:51.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32072", "description": "Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.", "cvss_score": 6.2, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32072", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:07.840", "last_modified": "2026-04-14T18:17:07.840", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 19, "ats_level": "INFO", "ats_breakdown": {"severity": 18.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-1573", "description": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. 
(4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONICS Suite, and MC Works64 Security and has permission to log in.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://jvn.jp/vu/JVNVU98894016/", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": []}, {"url": "https://jvn.jp/vu/JVNVU98894016/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2024-07-04T09:15:03.260", "last_modified": "2026-04-13T23:16:26.720", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00243, "epss_percentile": 0.47526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0244", "description": "When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. \n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. 
This vulnerability was fixed in Firefox 134.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929584", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-07T16:15:39.073", "last_modified": "2026-04-13T15:16:34.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.07489, "epss_percentile": 0.91795, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 1.9, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4082", "description": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. 
This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:34.913", "last_modified": "2026-04-13T15:16:59.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00335, "epss_percentile": 0.56389, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3859", "description": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601", "CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox_focus", "cpe": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951533", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-33/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-30T17:15:50.903", "last_modified": "2026-04-13T15:16:58.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00156, "epss_percentile": 0.36395, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6430", "description": "When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. 
This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-06-24T13:15:23.993", "last_modified": "2026-04-13T15:17:07.260", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00102, "epss_percentile": 0.27936, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55030", "description": 
"Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-640"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976304", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:28.210", "last_modified": "2026-04-13T15:17:02.667", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08195, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55032", "description": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. 
This vulnerability was fixed in Focus for iOS 142.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox_focus", "cpe": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:28.470", "last_modified": "2026-04-13T15:17:03.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08195, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-55033", "description": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. 
This vulnerability was fixed in Focus for iOS 142.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "firefox_focus", "cpe": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:28.617", "last_modified": "2026-04-13T15:17:03.177", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06991, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11712", "description": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. 
This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-116"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-10-14T13:15:37.447", "last_modified": "2026-04-13T15:16:39.987", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11914, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, 
"ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13013", "description": "Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "source": "security@mozilla.org", "tags": []}], "published": "2025-11-11T16:15:38.367", "last_modified": "2026-04-13T15:16:42.123", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.1196, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-54057", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.\n\nThis issue affects Apache SkyWalking: <= 10.2.0.\n\nUsers are recommended to upgrade to version 10.3.0, which fixes the issue.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-80"], "affected_products": [{"vendor": "apache", "product": "skywalking", "cpe": "cpe:2.3:a:apache:skywalking:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/sl2x2tx8y007x0mo746yddx2lvnv9tcr", "source": "security@apache.org", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/11/27/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-11-27T12:15:47.253", "last_modified": "2026-04-13T16:16:24.293", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00447, "epss_percentile": 0.63493, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40893", "description": "A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. 
When a victim views the affected assets in the Asset List (and similar functions), the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "nozominetworks", "product": "cmc", "cpe": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*"}, {"vendor": "nozominetworks", "product": "guardian", "cpe": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.nozominetworks.com/NN-2025:14-01", "source": "prodsec@nozominetworks.com", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-12-18T14:15:59.620", "last_modified": "2026-04-14T10:16:27.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16967, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30856", "description": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0,  a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. 
By exploiting an ambiguous naming convention in the MCP client (mcp_{service}_{tool}), an attacker can register a malicious tool that overwrites a legitimate one (e.g., tavily_extract). This enables the attacker to redirect LLM execution flow, exfiltrate system prompts, context, and potentially execute other tools with the user's privileges. This issue has been patched in version 0.3.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-706"], "affected_products": [{"vendor": "tencent", "product": "weknora", "cpe": "cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-67q9-58vj-32qx", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-07T17:15:53.210", "last_modified": "2026-04-13T14:43:36.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05591, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32844", "description": "XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. 
Attackers can craft a malicious URL with unsanitized input in the GET request parameter that is output directly to the page without proper neutralization, enabling session hijacking, credential theft, or malware distribution within the application context.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "xinliangcoder", "product": "php_api_doc", "cpe": "cpe:2.3:a:xinliangcoder:php_api_doc:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/XinLiangCoder/php_api_doc/tree/1ce5bbf1429c077d6e3f0860098099d272e3f3c2", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://www.vulncheck.com/advisories/xinliangcoder-php-api-doc-reflected-xss-via-list-method-php", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "VDB Entry"]}], "published": "2026-03-20T18:16:16.280", "last_modified": "2026-04-14T01:19:15.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10128, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34353", "description": "In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-190"], "affected_products": [{"vendor": "ocaml", "product": "ocaml", "cpe": "cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ocaml/ocaml/issues/14655", "source": 
"cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://github.com/ocaml/ocaml/pull/14674", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}], "published": "2026-03-27T06:16:39.333", "last_modified": "2026-04-14T18:43:51.580", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.0367, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32883", "description": "Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-347"], "affected_products": [{"vendor": "botan_project", "product": "botan", "cpe": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-30T21:17:09.933", "last_modified": "2026-04-13T13:54:57.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03968, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32884", "description": "Botan is a C++ cryptography 
library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by the DNS name constraints, even though this check is technically not required by RFC 5280. However this check failed to account for the possibility of a mixed-case CN. Thus a certificate with CN=Sub.EVIL.COM and no subject alternative name would bypass an excludedSubtrees constraint for evil.com because the comparison is case-sensitive. This issue has been patched in version 3.11.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-295"], "affected_products": [{"vendor": "botan_project", "product": "botan", "cpe": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/randombit/botan/security/advisories/GHSA-7c3g-7763-ggj5", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-30T21:17:10.093", "last_modified": "2026-04-13T13:52:26.887", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05921, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27853", "description": "An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. 
In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.917", "last_modified": "2026-04-14T16:12:32.463", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34405", "description": "Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. 
This issue has been patched in version 6.2.5.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "nuxt", "product": "og_image", "cpe": "cpe:2.3:a:nuxt:og_image:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-03-31T22:16:18.813", "last_modified": "2026-04-13T15:17:23.693", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08541, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34052", "description": "LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. 
This issue has been patched in version 1.6.3.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-401", "CWE-770"], "affected_products": [{"vendor": "jupyter", "product": "lti_jupyterhub_authenticator", "cpe": "cpe:2.3:a:jupyter:lti_jupyterhub_authenticator:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3", "source": "security-advisories@github.com", "tags": ["Product"]}, {"url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-03T23:17:03.777", "last_modified": "2026-04-13T17:44:00.360", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17235, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34229", "description": "Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. 
This issue has been patched in version 2.6.8.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "emlog", "product": "emlog", "cpe": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*"}], "references": [{"url": "https://github.com/emlog/emlog/commit/a12ab1b1a273fe634abab32fd28274c18bd57f07", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-74gp-xh6w-hqw6", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T23:17:04.270", "last_modified": "2026-04-13T17:37:40.193", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08696, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34951", "description": "Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input before rendering it in the page response. Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Workbench allows XSS Targeting Error Pages. 
This vulnerability is fixed in 65.0.0.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "salesforce", "product": "workbench", "cpe": "cpe:2.3:a:salesforce:workbench:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/forceworkbench/forceworkbench/security/advisories/GHSA-j94x-h584-rjf9", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T16:16:38.170", "last_modified": "2026-04-14T20:28:26.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08923, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70844", "description": "yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). 
An attacker can inject malicious JavaScript into the \"Add Account Group\" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-94"], "affected_products": [{"vendor": "kantorge", "product": "yaffa", "cpe": "cpe:2.3:a:kantorge:yaffa:2.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70844", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/kantorge/yaffa", "source": "cve@mitre.org", "tags": ["Product"]}], "published": "2026-04-07T17:16:26.297", "last_modified": "2026-04-14T15:46:12.757", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32289", "description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. 
These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763762", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78331", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": "security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4865", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.820", "last_modified": "2026-04-13T19:16:40.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02626, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39604", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mybooktable/vulnerability/wordpress-mybooktable-bookstore-plugin-3-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:29.610", "last_modified": "2026-04-13T20:16:36.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39638", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/qubely/vulnerability/wordpress-qubely-plugin-1-8-14-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:34.540", "last_modified": "2026-04-13T20:16:38.827", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39667", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": 
["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/korea-sns/vulnerability/wordpress-korea-sns-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:38.037", "last_modified": "2026-04-13T20:16:39.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39683", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS. This issue affects Garden Gnome Package: from n/a through <= 2.4.1.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/garden-gnome-package/vulnerability/wordpress-garden-gnome-package-plugin-2-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:40.140", "last_modified": "2026-04-13T20:16:41.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": 
{"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39693", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/fsm-custom-featured-image-caption/vulnerability/wordpress-fsm-custom-featured-image-caption-plugin-1-25-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:41.647", "last_modified": "2026-04-13T20:16:41.703", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09471, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39865", "description": "Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. 
This vulnerability is fixed in 1.13.2.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-400", "CWE-662"], "affected_products": [], "references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-qj83-cq47-w5f8", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-08T15:16:16.210", "last_modified": "2026-04-13T19:16:51.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03402, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5896", "description": "Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/40064543", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.500", "last_modified": "2026-04-13T21:18:20.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08405, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5899", "description": "Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/474817168", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.787", "last_modified": "2026-04-13T21:16:57.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.0282, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-45806", "description": "A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/rrweb-io/rrweb", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/rrweb-io/rrweb/issues/1817", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/rrweb-io/rrweb/tree/master/packages/rrweb-snapshot", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T14:16:25.210", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, 
"epss_percentile": 0.08062, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39941", "description": "ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims' browsers. This vulnerability is fixed in 7.1.0.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-80"], "affected_products": [{"vendor": "churchcrm", "product": "churchcrm", "cpe": "cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ChurchCRM/CRM/commit/d2f7f36e2ea342419026ddc4bc4ea8efbf5e7e98", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/ChurchCRM/CRM/releases/tag/7.1.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-4mqw-9jww-2c58", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-4mqw-9jww-2c58", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-09T16:16:31.397", "last_modified": "2026-04-14T14:44:01.270", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20685, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], 
"nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-63238", "description": "A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://gist.github.com/masquerad3r/f913ab479e8de2ad71987ef98a088fb5", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/LimeSurvey/LimeSurvey/commit/80769a677dc82ddb1fcced4af19bd959d583208d", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T18:16:42.280", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08133, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70797", "description": "Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": 
[{"url": "https://gist.github.com/masquerad3r/772ddbfbd9fd95754f4873bcb202146d", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/LimeSurvey/LimeSurvey/pull/4356", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T18:16:42.547", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39315", "description": "Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safely. Internally, the hasDangerousProtocol() function in packages/unhead/src/plugins/safe.ts decodes HTML entities before checking for blocked URI schemes (javascript:, data:, vbscript:). The decoder uses two regular expressions with fixed-width digit caps. The HTML5 specification imposes no limit on leading zeros in numeric character references. When a padded entity exceeds the regex digit cap, the decoder silently skips it. The undecoded string is then passed to startsWith('javascript:'), which does not match. makeTagSafe() writes the raw value directly into SSR HTML output. The browser's HTML parser decodes the padded entity natively and constructs the blocked URI. 
This vulnerability is fixed in 2.1.13.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-184"], "affected_products": [{"vendor": "unjs", "product": "unhead", "cpe": "cpe:2.3:a:unjs:unhead:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/unjs/unhead/commit/961ea781e091853812ffe17f8cda17105d2d2299", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/unjs/unhead/releases/tag/v2.1.13", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T18:17:01.433", "last_modified": "2026-04-14T20:07:35.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14656, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25854", "description": "Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "cvss_score": 6.1, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/21", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}], "published": "2026-04-09T20:16:24.207", "last_modified": "2026-04-14T14:01:07.417", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 9e-05, "epss_percentile": 0.00823, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54358", "description": "WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile 
parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://wordpress.org/plugins/adiaha-hotel/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.adivaha.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51663", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-reflected-xss-via-ismobile", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:04.960", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00075, "epss_percentile": 0.2264, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54360", "description": "Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. 
Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://extensions.joomla.org/extension/jlex-review/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://jlexart.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51645", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/joomla-jlex-review-reflected-xss-via-review-id-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:05.340", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08607, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54361", "description": "Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. 
Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties-with-map endpoint to execute arbitrary code in victim browsers and steal session tokens or credentials.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "http://thethinkery.net", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51640", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/joomla-iproperty-real-estate-reflected-xss-via-filter-keyword", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:05.533", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54362", "description": "Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. 
Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://demo.virtuemart.net/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51631", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.virtuemart.net/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/joomla-virtuemart-shopping-cart-reflected-xss-via-keyword", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:05.717", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08607, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54363", "description": "Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. 
Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "http://solidres.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51638", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/joomla-solidres-reflected-xss-via-multiple-parameters", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:05.907", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18839, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2023-54364", "description": "Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. 
Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://demo.hikashop.com/index.php/en/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.exploit-db.com/exploits/51629", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.hikashop.com/", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/joomla-hikashop-reflected-xss-via-product-filter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T21:16:06.117", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18839, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21904", "description": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.\n\nThis issue affects all versions of Junos Space before 24.1R5 Patch V3.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": 
[], "references": [{"url": "https://kb.juniper.net/JSA106003", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:24.557", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10163, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35622", "description": "OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-290"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:30.340", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13199, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4305", "description": "The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/royal-backup-reset/tags/1.0.16/assets/backup-reminder.js#L751", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/royal-backup-reset/tags/1.0.16/royal-backup-reset.php#L803", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Froyal-backup-reset/tags/1.0.16&new_path=%2Froyal-backup-reset/tags/1.0.17", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e0c658-b37c-4780-9589-6def9e36539b?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.397", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09364, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], 
"nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5525", "description": "A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).", "cvss_score": 6.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "tags": []}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "tags": []}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "tags": []}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T08:16:26.067", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01367, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2026-31262", "description": "Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://github.com/nikolas-ch/CVEs/blob/main/Altenar_SportsBook_Platform_SB2/ORtoXSS/ORtoXSS.txt", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/nikolas-ch/CVEs/tree/main/Altenar_SportsBook_Platform_SB2/ORtoXSS", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T15:16:23.607", "last_modified": "2026-04-14T15:16:27.920", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.17954, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35597", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then unconditionally rolls back. HandleFailedTOTPAuth in pkg/user/totp.go uses an in-memory counter (key-value store) to track failed attempts. When the counter reaches 10, it calls user.SetStatus(s, StatusAccountLocked) on the same database session s. Because the login handler always rolls back after a TOTP failure, the StatusAccountLocked write is undone. 
The in-memory counter correctly increments past 10, so the lockout code executes on every subsequent attempt, but the database write is rolled back every time. This allows unlimited brute-force attempts against TOTP codes. This vulnerability is fixed in 2.3.0.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/6ca0151d02fa0e8c7e2181ab916a28e08caaaec8", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2576", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-fgfv-pv97-6cmj", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-fgfv-pv97-6cmj", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:03.217", "last_modified": "2026-04-13T16:16:29.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08848, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35667", "description": "OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. 
Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-404"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3298-56p6-rpw2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-10T17:17:08.883", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02048, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35670", "description": "OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. 
Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:09.413", "last_modified": "2026-04-13T21:06:17.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00075, "epss_percentile": 0.2249, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5226", "description": "The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper 
JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/admin.php#L1012", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/manager.php#L459", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/tags/4.2.1/inc/manager.php#L542", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/admin.php#L1012", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/manager.php#L459", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/optimole-wp/trunk/inc/manager.php#L542", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3498040/optimole-wp/trunk/inc/manager.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Foptimole-wp/tags/4.2.3&new_path=%2Foptimole-wp/tags/4.2.4", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112cea93-fa4b-4692-8c8b-e74255f61939?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:03.120", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00099, "epss_percentile": 0.2705, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2017-20239", "description": "MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46097", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/mdwiki-cross-site-scripting-via-location-hash-parameter", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:30.937", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10732, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34852", "description": "Stack overflow vulnerability in the media platform.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 6.1, "cvss_vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-835"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:11.727", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00309, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34859", "description": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.810", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00369, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 18, 
"ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33900", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:25.333", "last_modified": "2026-04-13T22:16:28.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12475, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39956", "description": "jq is a command-line JSON processor. 
In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they are strings, and jv_string_indexes() in src/jv.c relies solely on assert() checks that are stripped in release builds compiled with -DNDEBUG. This allows an attacker to crash jq trivially with input like _strindices(0), and by crafting a numeric value whose IEEE-754 bit pattern maps to a chosen pointer, achieve a controlled pointer dereference and limited memory read/probe primitive. Any deployment that evaluates untrusted jq filters against a release build is vulnerable. This issue has been patched in commit fdf8ef0f0810e3d365cdd5160de43db46f57ed03.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125", "CWE-476", "CWE-843"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/fdf8ef0f0810e3d365cdd5160de43db46f57ed03", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T23:16:27.653", "last_modified": "2026-04-14T17:16:52.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01846, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6203", "description": "The User 
Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_to_on_logout` GET parameter is passed directly to WordPress's `wp_redirect()` function instead of the domain-restricted `wp_safe_redirect()`. While `esc_url_raw()` is applied to sanitize malformed URLs, it does not restrict the redirect destination to the local domain, allowing an attacker to craft a specially formed link that redirects users to potentially malicious external URLs after logout, which could be used to facilitate phishing attacks.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.4/includes/functions-ur-template.php#L39", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/functions-ur-template.php#L39", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-13T23:16:28.110", "last_modified": "2026-04-13T23:16:28.110", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07341, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0512", "description": "Due to a Cross-Site Scripting (XSS) vulnerability in the SAP 
Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3645228", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:03.700", "last_modified": "2026-04-14T00:16:03.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21194, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27674", "description": "Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim's browser, potentially resulting in session compromise. 
This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3719397", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:05.670", "last_modified": "2026-04-14T00:16:05.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16788, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34257", "description": "Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. 
This causes low impact on confidentiality and integrity of the application with no impact on availability.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3692004", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T01:16:03.730", "last_modified": "2026-04-14T01:16:03.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10541, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-69993", "description": "Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes (e.g., <img src=x onerror=\"alert('XSS')\">). 
When a victim views an affected map popup, the malicious script executes in the context of the victim's browser session.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "http://leaflet.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/PierfrancescoConti/leaflet-cve-2025-69993/blob/main/ADVISORY.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:25.477", "last_modified": "2026-04-14T18:16:41.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-61624", "description": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.", "cvss_score": 6.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", 
"cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-122", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:31.300", "last_modified": "2026-04-14T16:16:31.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-65132", "description": "alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:33.837", "last_modified": "2026-04-14T18:16:40.957", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-65136", "description": "In manikandan580 School-management-system 1.0, a reflected XSS 
vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:34.640", "last_modified": "2026-04-14T18:16:41.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-68649", "description": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.", "cvss_score": 6.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": 
"https://fortiguard.fortinet.com/psirt/FG-IR-26-120", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:34.760", "last_modified": "2026-04-14T16:16:34.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39810", "description": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.", "cvss_score": 6.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-321"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.173", "last_modified": "2026-04-14T18:17:39.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21331", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 
Scope is changed.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:43.953", "last_modified": "2026-04-14T18:16:43.953", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26169", "description": "Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-126"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26169", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:50.947", "last_modified": "2026-04-14T18:16:50.947", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32088", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker 
to bypass a security feature with a physical attack.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32088", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:13.200", "last_modified": "2026-04-14T18:17:13.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32196", "description": "Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:26.060", "last_modified": "2026-04-14T18:17:26.060", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-32226", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.", "cvss_score": 5.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32226", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:31.190", "last_modified": "2026-04-14T18:17:31.190", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 17.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33822", "description": "Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33822", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:34.590", "last_modified": "2026-04-14T18:17:34.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 18, 
"ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34614", "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.", "cvss_score": 6.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:17:36.200", "last_modified": "2026-04-14T18:17:36.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 18, "ats_level": "INFO", "ats_breakdown": {"severity": 18.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4084", "description": "Due to insufficient escaping of the special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.\n*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. 
This vulnerability was fixed in Firefox ESR 128.10, Firefox ESR 115.23, and Thunderbird 128.10.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-116"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:35.097", "last_modified": "2026-04-13T15:16:59.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00283, "epss_percentile": 0.51711, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33061", "description": "Jexactyl is a customisable game management panel and billing system. 
Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescaped {!! json_encode(...) !!} without safe encoding flags  allows string values to break out of the JavaScript context and be interpreted as HTML/JS by the browser. If any serialized fields contain attacker-controlled content, such as a username, display name, or site config value, a malicious payload will execute arbitrary script for any user viewing the page (stored DOM XSS). This issue has been patched by commit  e28edb204e80efab628d1241198ea4f079779cfd.", "cvss_score": 5.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:*:*:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta1:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta2:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta3:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta4:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta5:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta6:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:beta7:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:rc1:*:*:*:*:*:*"}, {"vendor": "jexactyl", "product": "jexactyl", "cpe": "cpe:2.3:a:jexactyl:jexactyl:4.0.0:rc2:*:*:*:*:*:*"}], "references": [{"url": 
"https://github.com/Jexactyl/Jexactyl/commit/e28edb204e80efab628d1241198ea4f079779cfd", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/Jexactyl/Jexactyl/security/advisories/GHSA-6xgw-mmmv-57h2", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/Jexactyl/Jexactyl/security/advisories/GHSA-6xgw-mmmv-57h2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T08:16:12.090", "last_modified": "2026-04-14T17:56:38.773", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04944, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33144", "description": "GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML file containing malicious <BS> (BitSequence) elements. An attacker can exploit this by providing a specially crafted NHML file, causing an out-of-bounds write on the heap. 
This issue has been patched via commit 86b0e36.", "cvss_score": 5.8, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "gpac", "product": "gpac", "cpe": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/gpac/gpac/commit/86b0e36ea4c71402fbdaf7e13d73ba8841003e72", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/gpac/gpac/security/advisories/GHSA-3jw5-9pmw-vmfg", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/gpac/gpac/security/advisories/GHSA-3jw5-9pmw-vmfg", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-20T21:17:15.077", "last_modified": "2026-04-14T18:21:42.587", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03952, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35568", "description": "MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. 
This vulnerability is fixed in 1.0.0.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [{"vendor": "lfprojects", "product": "mcp_java_sdk", "cpe": "cpe:2.3:a:lfprojects:mcp_java_sdk:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/modelcontextprotocol/java-sdk/releases/tag/v1.0.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/modelcontextprotocol/java-sdk/security/advisories/GHSA-8jxr-pr72-r468", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T22:16:23.433", "last_modified": "2026-04-14T19:31:16.197", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06822, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30816", "description": "An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. 
Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-15", "CWE-610"], "affected_products": [{"vendor": "tp-link", "product": "archer_ax53_firmware", "cpe": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:20.477", "last_modified": "2026-04-14T16:19:50.740", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06218, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30817", "description": "An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed.  
Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-15", "CWE-610"], "affected_products": [{"vendor": "tp-link", "product": "archer_ax53_firmware", "cpe": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T19:25:20.627", "last_modified": "2026-04-14T16:19:59.500", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06218, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39901", "description": "monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. 
This bypass undermines the intended protection for imported transaction records and allows protected transactions to be hidden from normal views. This vulnerability is fixed in 1.12.3.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-285"], "affected_products": [], "references": [{"url": "https://github.com/monetr/monetr/security/advisories/GHSA-hqxq-hwqf-wg83", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-08T22:16:22.010", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07433, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1516", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-94"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": 
"https://gitlab.com/gitlab-org/gitlab/-/work_items/587893", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3514461", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:57.920", "last_modified": "2026-04-14T17:03:01.990", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.05056, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33773", "description": "An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\n\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\n\nThis issue affects Junos OS on EX Series and QFX Series:\n  *  23.4 version 23.4R2-S6,\n  *  24.2 version 24.2R2-S3.\n\n\nNo other Junos OS versions are affected.", "cvss_score": 5.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107815", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:25.590", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08075, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6011", "description": "A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2026.1.29 can resolve this issue. This patch is called b623557a2ec7e271bda003eb3ac33fbb2e218505. Upgrading the affected component is advised.", "cvss_score": 5.6, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/b623557a2ec7e271bda003eb3ac33fbb2e218505#diff-06572a96a58dc510037d5efa622f9bec8519bc1beab13c9f251e97e657a9d4edR44", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.1.29", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zast-ai/vulnerability-reports/blob/main/openclaw/ssrf.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795224", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356567", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356567/cti", "source": "cna@vuldb.com", "tags": []}], 
"published": "2026-04-10T05:16:06.757", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00045, "epss_percentile": 0.13689, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 16.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35655", "description": "OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:06.550", "last_modified": "2026-04-13T21:07:08.670", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.117, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40190", "description": "LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18.", "cvss_score": 5.6, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-1321"], "affected_products": [], "references": [{"url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T20:16:24.043", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11975, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 16.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34867", "description": "Double free vulnerability in the multi-mode input system.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 
5.6, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-415"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:13.240", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00392, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 16.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34854", "description": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.200", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34855", "description": "Out-of-bounds write 
vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.360", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, "epss_percentile": 0.00783, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4913", "description": "Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-424"], "affected_products": [], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "tags": []}], "published": "2026-04-14T15:16:39.587", "last_modified": "2026-04-14T15:16:39.587", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-21742", "description": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-319"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:35.930", "last_modified": "2026-04-14T16:16:35.930", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23653", "description": "Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-77"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:44.137", "last_modified": "2026-04-14T18:16:44.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23670", "description": "Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.", "cvss_score": 5.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-822"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23670", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:44.750", "last_modified": "2026-04-14T18:16:44.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 17, "ats_level": "INFO", "ats_breakdown": {"severity": 17.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26139", "description": "An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. 
This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [{"vendor": "netbsd", "product": "netbsd", "cpe": "cpe:2.3:o:netbsd:netbsd:7.1:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-100_firmware", "cpe": "cpe:2.3:o:arista:c-100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-110_firmware", "cpe": "cpe:2.3:o:arista:c-110_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-120_firmware", "cpe": "cpe:2.3:o:arista:c-120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-130_firmware", "cpe": "cpe:2.3:o:arista:c-130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-200_firmware", "cpe": "cpe:2.3:o:arista:c-200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-230_firmware", "cpe": "cpe:2.3:o:arista:c-230_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-235_firmware", "cpe": "cpe:2.3:o:arista:c-235_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-250_firmware", "cpe": "cpe:2.3:o:arista:c-250_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-260_firmware", "cpe": "cpe:2.3:o:arista:c-260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-105_firmware", "cpe": "cpe:2.3:o:arista:o-105_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product":
"w-118_firmware", "cpe": "cpe:2.3:o:arista:w-118_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100_firmware", "cpe": "cpe:2.3:o:cisco:1100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-4p_firmware", "cpe": "cpe:2.3:o:cisco:1100-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-8p_firmware", "cpe": "cpe:2.3:o:cisco:1100-8p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1101-4p_firmware", "cpe": "cpe:2.3:o:cisco:1101-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-2p_firmware", "cpe": "cpe:2.3:o:cisco:1109-2p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-4p_firmware", "cpe": "cpe:2.3:o:cisco:1109-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1532_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1532_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542d_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1552_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1552_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1552h_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1552h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1572_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1572_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810_firmware", 
"cpe": "cpe:2.3:o:cisco:aironet_1810_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810w_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1810w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1832_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1842_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1842_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1852_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1852_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800e_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_2800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_2800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800e_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_3800p_firmware", "cpe": "cpe:2.3:o:cisco:aironet_3800p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_4800_firmware", "cpe": 
"cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_ap803_firmware", "cpe": "cpe:2.3:o:cisco:aironet_ap803_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_iw3702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_iw3702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105axw_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": 
"catalyst_9120axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axp_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axp_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axd_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124axd_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_ac_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_ac_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_dc_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_dc_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_iw6300_dcw_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_iw6300_dcw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "esw6300_firmware", "cpe": "cpe:2.3:o:cisco:esw6300_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_6861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_6861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8821_firmware", "cpe": 
"cpe:2.3:o:cisco:ip_phone_8821_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8832_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8865_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8865_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-bk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-bk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ek9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ck9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ck9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ek9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-sk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-sk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-zk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-zk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-na-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-na-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-vz-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-vz-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr10_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr10_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr60_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr60_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr12_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr12_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", 
"product": "meraki_mr20_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr20_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr26_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr26_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr30h_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr30h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr32_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr32_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr33_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr33_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr34_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr34_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr36_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr36_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr44_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr44_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr45_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr45_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr52_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr52_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr55_firmware", "cpe": 
"cpe:2.3:o:cisco:meraki_mr55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr56_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr56_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr62_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr62_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr66_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr66_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr70_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr72_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr72_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr74_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr74_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr76_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr76_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr84_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr84_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr86_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr86_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx64w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx64w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx65w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx65w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", 
"product": "meraki_z3c_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_85s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx70_firmware", "cpe": "cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx80_firmware", "cpe": "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_dual_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_55_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_firmware", "cpe": 
"cpe:2.3:o:cisco:webex_room_kit_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_mini_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_kit_mini_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8260_firmware", "cpe": "cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8265_firmware", "cpe": "cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9260_firmware", "cpe": "cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9560_firmware", "cpe": "cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_ac_1550_firmware", "cpe": "cpe:2.3:o:intel:killer_ac_1550_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6_ax1650_firmware", "cpe": "cpe:2.3:o:intel:killer_wi-fi_6_ax1650_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6e_ax1675_firmware", "cpe": "cpe:2.3:o:intel:killer_wi-fi_6e_ax1675_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_3165_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3165_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_3168_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3168_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8265_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9461_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9461_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9462_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9462_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9560_firmware", "cpe": 
"cpe:2.3:o:intel:proset_ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax201_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6e_ax210_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6e_ax210_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wireless_7265_\\(rev_d\\)_firmware", "cpe": "cpe:2.3:o:intel:proset_wireless_7265_\\(rev_d\\)_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax201_firmware", "cpe": "cpe:2.3:o:intel:wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": 
"https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.647", "last_modified": "2026-04-14T09:16:21.793", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02254, "epss_percentile": 0.846, "social_posts": 0, "social_repos": 0, "has_poc": 
false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.6, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26146", "description": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": "samsung", "product": "galaxy_i9305_firmware", "cpe": "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-250_firmware", "cpe": "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-260_firmware", "cpe": "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-230_firmware", "cpe": "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-235_firmware", "cpe": "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-200_firmware", "cpe": "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-120_firmware", "cpe": "cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-130_firmware", "cpe": "cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-100_firmware", "cpe": "cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-110_firmware", "cpe": 
"cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-105_firmware", "cpe": "cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-118_firmware", "cpe": "cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1700_ieee_802.11ac_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1750d_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Third 
Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.907", "last_modified": "2026-04-14T09:16:26.203", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.01409, "epss_percentile": 0.80494, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.4, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-26147", "description": "An issue was discovered in the Linux kernel 5.8.9. 
The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w700_ieee_802.11n_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1700_ieee_802.11ac_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Product"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.947", "last_modified": "2026-04-14T10:16:18.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00464, "epss_percentile": 0.64331, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0237", "description": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. 
This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.323", "last_modified": "2026-04-13T15:16:32.097", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30842, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 
16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0238", "description": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.470", "last_modified": "2026-04-13T15:16:32.350", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00127, "epss_percentile": 0.32037, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-27426", "description": "Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933079", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.593", "last_modified": "2026-04-13T15:16:55.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0036, "epss_percentile": 0.58214, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-26695", "description": "When requesting an OpenPGP key from a WKD server, an incorrect padding size was 
used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883039", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-10T19:15:40.567", "last_modified": "2026-04-13T15:16:54.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12366, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-3035", "description": "By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. 
This vulnerability was fixed in Firefox 137.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-359"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952268", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-01T13:15:41.893", "last_modified": "2026-04-13T15:16:57.497", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00308, "epss_percentile": 0.54032, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4090", "description": "A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. 
This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-532"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929478", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.627", "last_modified": "2026-04-13T15:17:00.723", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00282, "epss_percentile": 0.51567, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5267", "description": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. 
This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1021"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.507", "last_modified": "2026-04-13T15:17:04.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00352, "epss_percentile": 0.57626, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-49534", "description": "Adobe Experience Manager versions FP11.4 and earlier are affected by a 
stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "adobe", "product": "experience_manager", "cpe": "cpe:2.3:a:adobe:experience_manager:6.5.22.0:fp11.4:*:*:-:*:*:*"}], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb25-68.html", "source": "psirt@adobe.com", "tags": ["Vendor Advisory"]}], "published": "2025-07-08T22:15:27.587", "last_modified": "2026-04-14T18:16:40.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.1451, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-49547", "description": "Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 
Scope is changed.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "adobe", "product": "experience_manager", "cpe": "cpe:2.3:a:adobe:experience_manager:6.5.22.0:fp11.4:*:*:-:*:*:*"}], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb25-68.html", "source": "psirt@adobe.com", "tags": ["Vendor Advisory"]}], "published": "2025-07-08T22:15:27.737", "last_modified": "2026-04-14T18:16:40.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.1451, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. 
This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-295"], "affected_products": [{"vendor": "gnu", "product": "gnutls", "cpe": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "openshift_container_platform", "cpe": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16115", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:16116", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17181", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17348", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:17361", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:19088", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2025:22529", "source": "secalert@redhat.com", "tags": []}, {"url": "https://access.redhat.com/security/cve/CVE-2025-32989", "source": "secalert@redhat.com", "tags": ["Vendor 
Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", "source": "secalert@redhat.com", "tags": ["Issue Tracking"]}, {"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html", "source": "secalert@redhat.com", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-07-10T08:15:24.430", "last_modified": "2026-04-14T11:16:24.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00141, "epss_percentile": 0.34261, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-54144", "description": "The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. 
This vulnerability was fixed in Firefox for iOS 141.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946062", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:27.710", "last_modified": "2026-04-13T15:17:02.017", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08195, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8041", "description": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. 
This vulnerability was fixed in Firefox 141.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2025-08-19T21:15:29.250", "last_modified": "2026-04-13T15:17:12.403", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10566, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10531", "description": "Mitigation bypass in the Web Compatibility: Tooling component. 
This vulnerability was fixed in Firefox 143 and Thunderbird 143.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-16T13:15:46.617", "last_modified": "2026-04-13T15:16:36.513", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08528, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22486", "description": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery: from n/a through 1.18.9.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": 
"2026-01-08T17:15:50.777", "last_modified": "2026-04-13T10:16:11.417", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12585, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0883", "description": "Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": 
["Vendor Advisory"]}], "published": "2026-01-13T14:16:38.853", "last_modified": "2026-04-13T15:17:17.223", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03029, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0886", "description": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-119"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", 
"tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.140", "last_modified": "2026-04-13T15:17:17.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0888", "description": "Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1985996", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.340", "last_modified": "2026-04-13T15:17:18.117", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, 
"epss_percentile": 0.02474, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0890", "description": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.523", "last_modified": "2026-04-13T15:17:18.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": 
null, "epss_score": 0.00017, "epss_percentile": 0.03973, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2804", "description": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013584", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.917", "last_modified": "2026-04-13T15:17:31.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09812, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-62844", "description": "A weak authentication vulnerability has been reported to affect QHora. 
If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.2.007 and later", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1390"], "affected_products": [{"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*"}, {"vendor": "qnap", "product": "qurouter", "cpe": "cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*"}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-12", "source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"]}], "published": "2026-03-20T17:16:42.387", "last_modified": "2026-04-14T14:24:28.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07537, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-63260", "description": "SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "syncfusion", "product": "syncfusion", "cpe": "cpe:2.3:a:syncfusion:syncfusion:30.1.37:*:*:*:*:*:*:*"}], "references": [{"url": "http://syncfusion.com", "source": "cve@mitre.org", "tags": ["Product"]}, {"url": "https://pentest-tools.com/PTT-2025-023-Multiple-Stored-XSS.pdf", "source": 
"cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-03-20T20:16:47.087", "last_modified": "2026-04-14T19:26:57.653", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08248, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33237", "description": "WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()` function in `plugin/Scheduler/Scheduler.php` calls `url_get_contents()` with an admin-configurable `callbackURL` that is validated only by `isValidURL()` (URL format check). Unlike other AVideo endpoints that were recently patched for SSRF (GHSA-9x67-f2v7-63rw, GHSA-h39h-7cvg-q7j6), the Scheduler's callback URL is never passed through `isSSRFSafeURL()`, which blocks requests to RFC-1918 private addresses, loopback, and cloud metadata endpoints. An admin can configure a scheduled task with an internal network `callbackURL` to perform SSRF against cloud infrastructure metadata services or internal APIs not otherwise reachable from the internet. 
Version 26.0 contains a patch for the issue.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/commit/df926e500580c2a1e3c70351f0c30f4e15c0fd83", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/WWBN/AVideo/issues/10403", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-v467-g7g7-hhfh", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-03-21T00:16:26.523", "last_modified": "2026-04-13T18:16:29.593", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11114, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21724", "description": "A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-285"], "affected_products": [{"vendor": "grafana", "product": "grafana", "cpe": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*"}, {"vendor": "grafana", "product": "grafana", "cpe": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*"}, {"vendor": "grafana", 
"product": "grafana", "cpe": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*"}, {"vendor": "grafana", "product": "grafana", "cpe": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-21724", "source": "security@grafana.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-26T21:17:03.227", "last_modified": "2026-04-14T01:00:10.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08346, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34364", "description": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path (no `?user=` parameter), user group filtering is entirely skipped, exposing all non-private categories including those restricted to specific user groups. When the `?user=` parameter is supplied, a type confusion bug causes the filter to use the admin user's (user_id=1) group memberships instead of the current user's, rendering the filter ineffective. 
Commit 6e8a673eed07be5628d0b60fbfabd171f3ce74c9 contains a fix.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/commit/6e8a673eed07be5628d0b60fbfabd171f3ce74c9", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-73gr-r64q-7jh4", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-73gr-r64q-7jh4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-27T18:16:05.570", "last_modified": "2026-04-14T01:22:38.370", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01621, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26352", "description": "Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. 
Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": 
"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*"}], "references": [{"url": "https://community.smoothwall.org/forum/viewtopic.php?t=45095", "source": "disclosure@vulncheck.com", "tags": ["Release Notes", "Product"]}, {"url": "https://www.vulncheck.com/advisories/smoothwall-express-stored-xss-in-vpnmain-cgi-via-vpn-ip-parameter", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-03-30T17:16:14.363", "last_modified": "2026-04-14T16:34:30.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08248, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27508", "description": "Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. 
Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": "cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*"}, {"vendor": "smoothwall", "product": "smoothwall_express", "cpe": 
"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*"}], "references": [{"url": "https://community.smoothwall.org/forum/viewtopic.php?t=45095", "source": "disclosure@vulncheck.com", "tags": ["Product", "Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameter", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-03-30T17:16:15.440", "last_modified": "2026-04-14T16:32:57.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08923, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24028", "description": "An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. 
The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-126"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.487", "last_modified": "2026-04-14T16:27:24.727", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02849, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24030", "description": "An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. 
In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-789"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.770", "last_modified": "2026-04-14T16:15:28.823", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02849, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34443", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. 
This issue has been patched in version 1.8.211.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "freescout", "product": "freescout", "cpe": "cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-03-31T22:16:19.507", "last_modified": "2026-04-13T15:14:59.970", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.10773, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3776", "description": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. 
When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-476"], "affected_products": [{"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}], "published": "2026-04-01T02:16:02.590", "last_modified": "2026-04-14T17:55:57.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 
0.05542, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3777", "description": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": 
"pdf_editor", "cpe": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"}, {"vendor": "foxit", "product": "pdf_reader", "cpe": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}], "published": "2026-04-01T02:16:02.737", "last_modified": "2026-04-14T17:54:52.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03607, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34749", "description": "Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made. 
This issue has been patched in version 3.79.1.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "payloadcms", "product": "payload", "cpe": "cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-p6mr-xf3r-ghq4", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Mitigation"]}], "published": "2026-04-01T20:16:27.187", "last_modified": "2026-04-13T19:13:43.503", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06677, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34523", "description": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded \"../\" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. 
This issue has been patched in version 1.17.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "sillytavern", "product": "sillytavern", "cpe": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-525j-2hrj-m8fp", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-04-02T18:16:29.613", "last_modified": "2026-04-13T18:35:55.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20763, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-25742", "description": "Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments originating from web-public streams can still be retrieved anonymously. As a result, file contents remain accessible even after public access is intended to be disabled. Similarly, even after spectator access is disabled, the /users/me/<stream_id>/topics endpoint remains reachable anonymously, allowing retrieval of topic history for web-public streams. 
This issue has been patched in version 11.6.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "zulip", "product": "zulip", "cpe": "cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/zulip/zulip/commit/3c045414299680b9f5dca7d76cf6cef6121c0236", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/zulip/zulip/commit/41e23347b5218b3b0397a55176c7d97396735bae", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/zulip/zulip/releases/tag/11.6", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/zulip/zulip/security/advisories/GHSA-f47p-xjqq-g28w", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/zulip/zulip/security/advisories/GHSA-f47p-xjqq-g28w", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-03T21:17:10.060", "last_modified": "2026-04-13T18:07:16.917", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11576, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34933", "description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. 
This issue has been patched in version 0.9-rc4.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-617"], "affected_products": [{"vendor": "avahi", "product": "avahi", "cpe": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*"}, {"vendor": "avahi", "product": "avahi", "cpe": "cpe:2.3:a:avahi:avahi:0.9:rc1:*:*:*:*:*:*"}, {"vendor": "avahi", "product": "avahi", "cpe": "cpe:2.3:a:avahi:avahi:0.9:rc2:*:*:*:*:*:*"}, {"vendor": "avahi", "product": "avahi", "cpe": "cpe:2.3:a:avahi:avahi:0.9:rc3:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/avahi/avahi/pull/891", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc", "source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/11/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"]}, {"url": "https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Patch", "Vendor Advisory"]}], "published": "2026-04-03T23:17:05.377", "last_modified": "2026-04-13T17:26:03.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04936, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20051", "description": "Snews CMS 1.7 contains a cross-site request 
forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "snewscms", "product": "snews", "cpe": "cpe:2.3:a:snewscms:snews:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/40705", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/snews-cms-cross-site-request-forgery-via-changeup", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-04T14:16:17.370", "last_modified": "2026-04-14T19:04:50.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0537, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20053", "description": "Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. 
Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "redaxo", "product": "redaxo", "cpe": "cpe:2.3:a:redaxo:redaxo:5.2:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/40708", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/redaxo-cms-cross-site-request-forgery-via-users-endpoint", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-04T14:16:17.700", "last_modified": "2026-04-14T19:08:09.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.0612, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33406", "description": "Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value=\"\" attributes without escaping in settings-advanced.js, enabling HTML attribute injection. A double quote in any config value breaks out of the attribute context. JavaScript execution is blocked by the server's CSP (script-src 'self'), but injected attributes can alter element styling for UI redressing. 
The primary attack vector is importing a malicious teleporter backup, which bypasses per-field server-side validation. This vulnerability is fixed in 6.5.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "pi-hole", "product": "web_interface", "cpe": "cpe:2.3:a:pi-hole:web_interface:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/pi-hole/web/security/advisories/GHSA-9rfm-c5g6-538p", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-06T15:17:10.627", "last_modified": "2026-04-14T02:04:17.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.10997, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-48651", "description": "In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "google", "product": "android", "cpe": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-04-01", "source": "security@android.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-06T19:16:25.867", "last_modified": "2026-04-13T21:16:23.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00226, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35450", "description": "WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. 
All sibling FFmpeg management endpoints (kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php) require User::isAdmin().", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-306"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2vg4-rrx4-qcpq", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T22:16:23.463", "last_modified": "2026-04-14T15:37:29.017", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35452", "description": "WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin(). 
The log contains internal filesystem paths, remote server URLs, and SSH connection metadata.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-99j6-hj87-6fcf", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T22:16:23.610", "last_modified": "2026-04-14T15:37:41.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3466", "description": "Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking a victim into clicking a crafted dashlet title link on a shared dashboard.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*"}, {"vendor": 
"checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p46:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p47:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*"}, 
{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", 
"cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p38:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p39:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p40:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": 
"cpe:2.3:a:checkmk:checkmk:2.3.0:p41:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p42:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p43:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p44:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p45:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*"}, 
{"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", 
"cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*"}, {"vendor": "checkmk", "product": "checkmk", "cpe": "cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*"}], "references": [{"url": "https://checkmk.com/werk/19033", "source": "security@checkmk.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/checkmk-stored-cross-site-scripting-in-dashlet-title", "source": "security@checkmk.com", "tags": ["Release Notes", "Third Party Advisory"]}], "published": "2026-04-07T13:16:47.150", "last_modified": "2026-04-14T15:39:45.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00052, "epss_percentile": 0.16268, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22680", "description": "OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. 
Attackers can access the /api/v1/tasks and /api/v1/tasks/{task_id} routes without authentication to expose task type, task status, resource identifiers, archive URIs, result payloads, and error information, potentially causing cross-tenant interference in multi-tenant deployments.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "volcengine", "product": "openviking", "cpe": "cpe:2.3:a:volcengine:openviking:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/volcengine/OpenViking/commit/8c1c3f3608364ee0bb0e45f73478771a68aebdf5", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/volcengine/OpenViking/pull/1182", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://github.com/volcengine/OpenViking/releases/tag/v0.3.3", "source": "disclosure@vulncheck.com", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/openviking-missing-authorization-via-task-polling", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/volcengine/OpenViking/pull/1182", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}], "published": "2026-04-07T18:16:38.853", "last_modified": "2026-04-14T16:16:31.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18553, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32712", 
"description": "Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customer_name column is configured with escape: false in the bootstrap-table column configuration, causing customer names to be rendered as raw HTML. An attacker with customer management permissions can inject arbitrary JavaScript into a customer's first_name or last_name field, which executes in the browser of any user viewing the Daily Sales page. This vulnerability is fixed in 3.4.3.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "opensourcepos", "product": "open_source_point_of_sale", "cpe": "cpe:2.3:a:opensourcepos:open_source_point_of_sale:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-hcfr-9hfv-mcwp", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-07T21:17:16.430", "last_modified": "2026-04-14T18:45:18.430", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06435, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34080", "description": "xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. 
The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. Clients can intercept D-Bus messages they should not have access to. This vulnerability is fixed in 0.1.7.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1289"], "affected_products": [{"vendor": "flatpak", "product": "xdg-dbus-proxy", "cpe": "cpe:2.3:a:flatpak:xdg-dbus-proxy:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/15", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}], "published": "2026-04-07T21:17:17.720", "last_modified": "2026-04-14T19:23:12.807", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.08985, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32288", "description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [], "references": [{"url": "https://go.dev/cl/763766", "source": "security@golang.org", "tags": []}, {"url": "https://go.dev/issue/78301", "source": "security@golang.org", "tags": []}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "source": 
"security@golang.org", "tags": []}, {"url": "https://pkg.go.dev/vuln/GO-2026-4869", "source": "security@golang.org", "tags": []}], "published": "2026-04-08T02:16:03.707", "last_modified": "2026-04-13T19:16:40.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.0029, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39464", "description": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:21.667", "last_modified": "2026-04-14T16:16:44.317", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-39473", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/simple-history/vulnerability/wordpress-simple-history-plugin-5-24-0-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.110", "last_modified": "2026-04-13T17:16:29.537", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39504", "description": "Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-2-5-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:24.513", "last_modified": "2026-04-13T19:16:43.793", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, 
"epss_percentile": 0.07886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39509", "description": "Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/directorist/vulnerability/wordpress-directorist-plugin-8-5-10-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.080", "last_modified": "2026-04-13T19:16:44.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39516", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.", "cvss_score": 5.3, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-7-0-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.353", "last_modified": "2026-04-14T15:16:34.597", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39520", "description": "Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wedocs/vulnerability/wordpress-wedocs-plugin-2-1-18-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.630", "last_modified": "2026-04-13T19:16:44.327", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39526", "description": "Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wpstream/vulnerability/wordpress-wpstream-plugin-4-11-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.940", "last_modified": "2026-04-14T15:16:34.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39535", "description": "Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through <= 6.5.6.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/widget-for-eventbrite-api/vulnerability/wordpress-display-eventbrite-events-plugin-6-5-6-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:26.213", 
"last_modified": "2026-04-13T19:16:44.503", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39536", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/rsvp/vulnerability/wordpress-rsvp-and-event-management-plugin-2-7-16-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:26.360", "last_modified": "2026-04-13T16:16:30.467", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39542", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from 
n/a through <= 2.10.13.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/doofinder-for-woocommerce/vulnerability/wordpress-doofinder-for-woocommerce-plugin-2-10-13-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:26.790", "last_modified": "2026-04-14T19:16:38.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39562", "description": "Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-plugin-20-8-10-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:27.343", "last_modified": "2026-04-13T19:16:44.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": 
"T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39564", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-plugin-3-6-2-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:27.637", "last_modified": "2026-04-14T19:16:38.967", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39570", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/12-step-meeting-list/vulnerability/wordpress-12-step-meeting-list-plugin-3-19-9-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:28.220", "last_modified": "2026-04-14T18:17:38.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39571", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-plugin-3-3-30-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:28.360", "last_modified": "2026-04-13T16:16:30.647", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39585", "description": "Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting 
Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through <= 1.0.16.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/booktics/vulnerability/wordpress-booktics-plugin-1-0-16-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:28.777", "last_modified": "2026-04-13T19:16:44.860", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39586", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data. This issue affects RepairBuddy: from n/a through <= 4.1132.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-4-1132-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:28.923", "last_modified": "2026-04-13T16:16:30.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39588", "description": "Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/nm-gift-registry-and-wishlist-lite/vulnerability/wordpress-nm-gift-registry-and-wishlist-lite-plugin-5-13-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:29.063", "last_modified": "2026-04-13T19:16:45.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39606", "description": "Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": 
[{"url": "https://patchstack.com/database/Wordpress/Plugin/bizreview/vulnerability/wordpress-bizreview-plugin-1-5-13-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:29.890", "last_modified": "2026-04-13T19:16:45.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39608", "description": "Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/ipospays-gateways-wc/vulnerability/wordpress-ipospays-gateways-wc-plugin-1-3-7-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:30.170", "last_modified": "2026-04-13T19:16:45.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39610", "description": "Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wpxmas-snow/vulnerability/wordpress-wpxmas-snow-plugin-1-1-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:30.440", "last_modified": "2026-04-13T19:16:45.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39612", "description": "Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/kuteshop/vulnerability/wordpress-kuteshop-theme-4-2-9-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:30.760", "last_modified": 
"2026-04-13T19:16:45.933", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39614", "description": "Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/jw-player-7-for-wp/vulnerability/wordpress-jw-player-for-wordpress-plugin-2-3-6-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:31.190", "last_modified": "2026-04-13T19:16:46.113", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39616", "description": "Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly 
Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/download-attachments/vulnerability/wordpress-download-attachments-plugin-1-4-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:31.460", "last_modified": "2026-04-14T15:16:35.150", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39622", "description": "Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/education-base/vulnerability/wordpress-education-base-theme-3-0-8-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:32.410", "last_modified": "2026-04-13T19:16:46.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39624", "description": "Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/biolife/vulnerability/wordpress-biolife-theme-3-2-3-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:32.673", "last_modified": "2026-04-13T19:16:46.497", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39626", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-80"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Theme/armania/vulnerability/wordpress-armania-theme-1-4-8-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:32.937", "last_modified": "2026-04-14T15:16:35.753", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11137, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39628", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-80"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/dukamarket/vulnerability/wordpress-dukamarket-theme-1-3-0-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:33.210", "last_modified": "2026-04-14T15:16:35.977", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11137, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39634", "description": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site 
Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/grandportfolio/vulnerability/wordpress-grand-portfolio-theme-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:34.020", "last_modified": "2026-04-14T15:16:36.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39643", "description": "Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/pymntpl-paypal-woocommerce/vulnerability/wordpress-payment-plugins-for-paypal-woocommerce-plugin-2-0-13-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:35.077", "last_modified": "2026-04-13T19:16:46.783", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, 
"epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39645", "description": "Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/global-payments-woocommerce/vulnerability/wordpress-globalpayments-woocommerce-plugin-1-18-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:35.340", "last_modified": "2026-04-13T21:16:29.230", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10231, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39647", "description": "Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.", 
"cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mp3-music-player-by-sonaar/vulnerability/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-5-11-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:35.620", "last_modified": "2026-04-13T21:16:29.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10231, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39649", "description": "Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/royale-news/vulnerability/wordpress-royale-news-theme-2-2-4-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:35.883", "last_modified": "2026-04-13T19:16:46.970", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": 
"Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39656", "description": "Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-razorpay/vulnerability/wordpress-razorpay-for-woocommerce-plugin-4-8-2-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:36.717", "last_modified": "2026-04-13T19:16:47.513", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39658", "description": "Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/panda-pods-repeater-field/vulnerability/wordpress-panda-pods-repeater-field-plugin-1-5-12-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:36.970", "last_modified": "2026-04-13T19:16:47.697", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39660", "description": "Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-manager/vulnerability/wordpress-wp-job-manager-plugin-2-4-1-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:37.227", "last_modified": "2026-04-13T19:16:47.873", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39663", "description": "Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/truebooker-appointment-booking/vulnerability/wordpress-truebooker-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:37.490", "last_modified": "2026-04-13T19:16:48.053", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39669", "description": "Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/nitropack/vulnerability/wordpress-nitropack-plugin-1-19-3-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": 
"2026-04-08T09:16:38.297", "last_modified": "2026-04-13T19:16:48.230", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39673", "description": "Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/izooto-web-push/vulnerability/wordpress-izooto-plugin-3-7-20-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:38.827", "last_modified": "2026-04-13T19:16:48.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39675", "description": "Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security 
Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/court-reservation/vulnerability/wordpress-court-reservation-plugin-1-10-11-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:39.087", "last_modified": "2026-04-13T19:16:48.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39685", "description": "Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/the-moneytizer/vulnerability/wordpress-the-moneytizer-plugin-10-0-10-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:40.403", "last_modified": "2026-04-13T19:16:48.753", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": 
[], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39687", "description": "Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/free-vehicle-data-uk/vulnerability/wordpress-rapid-car-check-vehicle-data-plugin-2-0-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:40.660", "last_modified": "2026-04-13T19:16:48.923", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39691", "description": "Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13.", "cvss_score": 5.3, 
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/cryptocurrency-donation-box/vulnerability/wordpress-cryptocurrency-donation-box-bitcoin-crypto-donations-plugin-2-2-13-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:41.370", "last_modified": "2026-04-13T19:16:49.280", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39695", "description": "Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/podigee/vulnerability/wordpress-podigee-plugin-1-4-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:41.910", "last_modified": "2026-04-13T20:16:41.910", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10231, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command 
and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39697", "description": "Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/maio-the-new-ai-geo-seo-tool/vulnerability/wordpress-maio-the-new-ai-geo-seo-tool-plugin-6-2-8-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:42.173", "last_modified": "2026-04-13T19:16:49.457", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39699", "description": "Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/ai-workflow-automation-lite/vulnerability/wordpress-ai-workflow-automation-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:42.437", "last_modified": "2026-04-13T19:16:49.643", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39701", "description": "Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wpshopify/vulnerability/wordpress-shopwp-plugin-5-2-4-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:42.690", "last_modified": "2026-04-13T19:16:49.820", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39705", "description": "Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through <= 1.4.4.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mipl-wc-multisite-sync/vulnerability/wordpress-mipl-wc-multisite-sync-plugin-1-4-4-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:43.230", "last_modified": "2026-04-13T19:16:49.997", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39707", "description": "Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through <= 4.0.4.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/contact-form-7-paypal-extension/vulnerability/wordpress-accept-paypal-payments-using-contact-form-7-plugin-4-0-4-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:43.490", "last_modified": "2026-04-13T19:16:50.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39709", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through <= 1.3.4.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-4-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:43.753", "last_modified": "2026-04-13T19:16:50.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-39711", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data. This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-201"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/rt18-extensions/vulnerability/wordpress-rt-theme-18-extensions-plugin-2-5-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:44.010", "last_modified": "2026-04-13T19:16:50.570", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10565, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39713", "description": "Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mailercloud-integrate-webforms-synchronize-contacts/vulnerability/wordpress-mailercloud-integrate-webforms-and-synchronize-website-contacts-plugin-1-0-7-broken-access-control-vulnerability?_s_id=cve", 
"source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:44.267", "last_modified": "2026-04-13T19:16:50.740", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39715", "description": "Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/anytrack-affiliate-link-manager/vulnerability/wordpress-anytrack-affiliate-link-manager-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:44.533", "last_modified": "2026-04-13T19:16:50.923", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00037, "epss_percentile": 0.1083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40028", 
"description": "Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/Yamato-Security/hayabusa/releases/tag/v3.8.0", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/hayabusa-xss-via-json-log-import", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:23.137", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08624, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5886", "description": "Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485397283", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.367", "last_modified": "2026-04-13T21:19:35.253", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08499, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5895", "description": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 
(Chromium security severity: Low)", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/374285495", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.397", "last_modified": "2026-04-13T21:18:01.867", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00067, "epss_percentile": 0.20772, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4332", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": []}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593853", "source": "cve@gitlab.com", "tags": []}, {"url": "https://hackerone.com/reports/3600345", "source": "cve@gitlab.com", 
"tags": []}], "published": "2026-04-08T23:16:59.683", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5811", "description": "A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-840"], "affected_products": [], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787678", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356259", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356259/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T23:17:00.390", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.1331, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5812", "description": "A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-840"], "affected_products": [], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativeQty.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787680", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356260", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356260/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T23:17:00.620", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.1331, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4124", "description": "The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. 
The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but performs no capability checks via current_user_can(). Furthermore, the nonce ('ziggeo_ajax_nonce') is exposed to all logged-in users on every page via the wp_head and admin_head hooks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke multiple administrative operations including: saving arbitrary translation strings (translations_panel_save_strings via update_option('ziggeo_translations')), creating/updating/deleting event templates (event_editor_save_template/update_template/remove_template via update_option('ziggeo_events')), modifying SDK application settings (sdk_applications operations), and managing notifications (notification_handler via update_option('ziggeo_notifications')).", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1.1/admin/page_editor_events_ajax.php#L13", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1.1/admin/page_sdk_ajax.php#L8", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1.1/admin/page_translations_ajax.php#L13", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1.1/core/ajax.php#L31", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1.1/core/header.php#L67", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/trunk/admin/page_editor_events_ajax.php#L13", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/trunk/admin/page_sdk_ajax.php#L8", 
"source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/trunk/admin/page_translations_ajax.php#L13", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/trunk/core/ajax.php#L31", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/ziggeo/trunk/core/header.php#L67", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3494290%40ziggeo&new=3494290%40ziggeo&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15477c00-0764-4850-8bce-d65b6b1cbe4c?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T04:17:14.467", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16928, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5833", "description": "A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The name of the patch is 1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2. Applying a patch is advised to resolve this issue. 
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-77"], "affected_products": [], "references": [{"url": "https://github.com/awwaiid/mcp-server-taskwarrior/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/awwaiid/mcp-server-taskwarrior/commit/1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/awwaiid/mcp-server-taskwarrior/issues/8", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/awwaiid/mcp-server-taskwarrior/issues/8#issuecomment-4139402095", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/user-attachments/files/25923228/mcp-server-taskwarrior_bug.pdf", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789810", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356289", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356289/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T04:17:16.900", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00224, "epss_percentile": 0.45113, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2519", "description": "The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 
27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured price. This makes it possible for unauthenticated attackers to submit a negative number to the 'tips' parameter, causing the total price to be reduced to zero.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-472"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/frontend/modules/booking/Ajax.php#L709", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/CartInfo.php#L450", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/UserBookingData.php#L355", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3480956/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.booking-wp-plugin.com/change-log/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ead87d8b-2659-4e8b-a0b9-138b1db89e36?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T13:16:42.843", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09199, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70365", "description": "A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 
8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "http://kiamo.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70365-Kiamo.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T16:16:25.707", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35040", "description": "fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are stateful and will cause failures in every second verification attempt regardless of the validity of the token provided. Such modifiers are /g (global matching) and /y (sticky matching). This does NOT allow invalid tokens to be accepted, only for valid tokens to be improperly rejected in some configurations. Instead it causes 50% of valid authentication requests to fail in an alternating pattern. 
This vulnerability is fixed in 6.2.1.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-440", "CWE-697"], "affected_products": [], "references": [{"url": "https://github.com/nearform/fast-jwt/commit/18d25904e4617e8753526d1b3ab5a2cccdea726a", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nearform/fast-jwt/pull/593", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nearform/fast-jwt/releases/tag/v6.2.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nearform/fast-jwt/security/advisories/GHSA-3j8v-cgw4-2g6q", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T16:16:27.213", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.1883, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39855", "description": "osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a PE file, the function subtracts hdrsize from pagesize without first validating that pagesize >= hdrsize. If a malicious PE file sets SizeOfHeaders (hdrsize) larger than SectionAlignment (pagesize), the subtraction underflows and produces a very large unsigned length. The code allocates a zero-filled buffer of pagesize bytes and then attempts to hash pagesize - hdrsize bytes from that buffer. 
After the underflow, this results in an out-of-bounds read from the heap and can crash the process. The vulnerability can be triggered while signing a malicious PE file with page hashing enabled (-ph), or while verifying a malicious signed PE file that already contains page hashes. Verification of an already signed file does not require the verifier to pass -ph. This vulnerability is fixed in 2.13.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125", "CWE-190", "CWE-191"], "affected_products": [], "references": [{"url": "https://github.com/mtrojnar/osslsigncode/commit/2a5409b7c4b6c6fad2b093531e8fea6cf08e1568", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.13", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-76vv-x5rr-q3mr", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:29.140", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39856", "description": "osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). 
When processing PE sections for page hashing, the function uses PointerToRawData and SizeOfRawData values from section headers without validating that the referenced region lies within the mapped file. An attacker can craft a PE file with section headers that point beyond the end of the file. When osslsigncode computes page hashes for such a file, it may attempt to hash data from an invalid memory region, causing an out-of-bounds read and potentially crashing the process. The vulnerability can be triggered while signing a malicious PE file with page hashing enabled (-ph), or while verifying a malicious signed PE file that already contains page hashes. Verification of an already signed file does not require the verifier to pass -ph. This vulnerability is fixed in 2.13.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/mtrojnar/osslsigncode/commit/92f8761b4770f76a36731969b5040ce3b9a09570", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.13", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-rjrx-chvw-8jw8", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:29.310", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04292, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35207", 
"description": "dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from openapi.deepin.com or other providers. An MITM attacker could intercept the traffic, replace the avatar with a malicious or misleading image, and potentially identify the user by the avatar. This vulnerability is fixed in dde-control-center 6.1.80 and 5.9.9.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://github.com/linuxdeepin/dde-control-center/commit/6fc206120be28d9eef7d72258662bcabb834367f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/linuxdeepin/dde-control-center/commit/cd95b054ff10a35bc9284431631305bd56244b3d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/linuxdeepin/dde-control-center/pull/3146", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-jf2h-4vqc-3jgc", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:01.110", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03581, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40071", "description": "pyLoad is a free 
and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /json/link_order, and /json/abort_link WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. This vulnerability is fixed in 0.5.0b3.dev97.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/pyload/pyload/security/advisories/GHSA-rfgh-63mg-8pwm", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/pyload/pyload/security/advisories/GHSA-rfgh-63mg-8pwm", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T18:17:03.367", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08138, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32990", "description": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [{"vendor": 
"apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}, {"vendor": "apache", "product": "tomcat", "cpe": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7", "source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"]}], "published": "2026-04-09T20:16:24.810", "last_modified": "2026-04-14T12:47:51.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12235, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40087", "description": "LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. 
This vulnerability is fixed in 0.3.84 and 1.2.28.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1336"], "affected_products": [], "references": [{"url": "https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/pull/36612", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/pull/36613", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:27.400", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10664, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33776", "description": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to 
read sensitive information.\n\nA local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information.\n\nThis issue affects\n\nJunos OS:\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S1,\n  *  25.2 version before 25.2R1-S2, 25.2R2;\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S6-EVO,\n  *  23.4 version before 23.4R2-S6-EVO,\n  *  24.2 version before 24.2R2-S4-EVO,\n  *  24.4 versions before 24.4R2-S1-EVO,\n  *  25.2 versions before 25.2R2-EVO.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107866", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:26.267", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01423, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33786", "description": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).\n\nWhen a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online 
again.\n\nThis issue affects Junos OS on SRX1600, SRX2300 and SRX4300:\n\n\n\n  *  24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nThis issue does not affect Junos OS versions before 24.4R1.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107810", "source": "sirt@juniper.net", "tags": []}], "published": "2026-04-09T22:16:28.193", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.0202, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33787", "description": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).\n\nWhen a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.\n\n\n\nThis issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600: \n\n\n\n  *  23.2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2,\n  *  25.2 versions before 25.2R1-S1, 25.2R2.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-754"], "affected_products": [], "references": [{"url": "https://kb.juniper.net/JSA107873", "source": "sirt@juniper.net", "tags": []}], "published": 
"2026-04-09T22:16:28.387", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.0202, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35626", "description": "OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-405"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:31.047", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00065, "epss_percentile": 0.20155, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", 
"ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35633", "description": "OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-789"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:32.187", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00181, "epss_percentile": 0.39788, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35640", "description": "OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive 
parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-696"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:33.507", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16398, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40112", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent (the default installation), the sanitizer is a no-op that returns HTML unchanged. An attacker who can influence agent input (via RAG data poisoning, web scraping results, or prompt injection) can inject arbitrary JavaScript that executes in the browser of anyone viewing the API output. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfg2-mxfj-j6pw", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfg2-mxfj-j6pw", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:34.707", "last_modified": "2026-04-14T15:16:37.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08026, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40151", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and defaults to CORS allow_origins=[\"*\"] with host=\"0.0.0.0\", making every deployment network-accessible and queryable from any origin by default. 
This vulnerability is fixed in 4.5.128.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pm96-6xpr-978x", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:36.047", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09669, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40152", "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's Path.glob() supports .. path segments, an attacker can use relative path traversal in the glob pattern to enumerate arbitrary files outside the workspace, obtaining file metadata (existence, name, size, timestamps) for any path on the filesystem. 
This vulnerability is fixed in 1.5.128.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-7j2f-xc8p-fjmq", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T22:16:36.193", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14609, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5986", "description": "A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-400", "CWE-1333"], "affected_products": [], "references": [{"url": "https://github.com/Zod-/jsVideoUrlParser/issues/121", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Zod-/jsVideoUrlParser/issues/121#issue-4159661957", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791911", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356540", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356540/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T23:17:01.920", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12587, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2712", "description": "The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly invoking `Updraft_Smush_Manager_Commands` methods without verifying user capabilities, nonce tokens, or the allowed commands whitelist that the normal AJAX handler (`updraft_smush_ajax`) enforces. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke admin-only Smush operations including reading log files (`get_smush_logs`), deleting all backup images (`clean_all_backup_images`), triggering bulk image processing (`process_bulk_smush`), and modifying Smush options (`update_smush_options`).", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-optimize/tags/4.4.1/includes/class-wp-optimize-heartbeat.php#L65", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wp-optimize/tags/4.4.1/includes/class-wp-optimize-heartbeat.php#L82", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/wp-optimize/trunk/includes/class-wp-optimize-heartbeat.php#L65", "source": "security@wordfence.com", "tags": []}, {"url": "https://research.cleantalk.org/cve-2026-2712/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a0a376e-ea3a-40ca-9341-f28f92e15e02?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:02.913", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11334, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4664", "description": "The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` function comparing the user-supplied `key` parameter against the order's `ivole_secret_key` meta value using strict equality (`===`), without verifying that the stored key is non-empty. For orders where no review reminder email has been sent, the `ivole_secret_key` meta is not set, causing `get_meta()` to return an empty string. An attacker can supply `key: \"\"` to match this empty value and bypass the permission check. This makes it possible for unauthenticated attackers to submit, modify, and inject product reviews on any product — including products not associated with the referenced order — via the REST API endpoint `POST /ivole/v1/review`. Reviews are auto-approved by default since `ivole_enable_moderation` defaults to `\"no\"`.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/tags/5.102.0/includes/emails/class-cr-email.php#L345", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/tags/5.102.0/includes/reviews/class-cr-endpoint.php#L646", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/tags/5.102.0/includes/reviews/class-cr-endpoint.php#L654", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/tags/5.102.0/includes/reviews/class-cr-endpoint.php#L655", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce/tags/5.103.0&new_path=%2Fcustomer-reviews-woocommerce/tags/5.104.0", "source": 
"security@wordfence.com", "tags": []}, {"url": "https://wordpress.org/plugins/customer-reviews-woocommerce/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27e3dfe3-ad33-4d0c-a999-d0734df2f59b?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.710", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00147, "epss_percentile": 0.35038, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5998", "description": "A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 2.0.5 mitigates this issue. Patch name: 174ee0cafc9e8e9d97a23c305418251485b8aa89. It is recommended to upgrade the affected component. 
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/zhayujie/chatgpt-on-wechat/commit/174ee0cafc9e8e9d97a23c305418251485b8aa89", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2734", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zhayujie/chatgpt-on-wechat/issues/2734#issue-4178013778", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zhayujie/chatgpt-on-wechat/releases/tag/2.0.5", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793558", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356552", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356552/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T02:16:04.460", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14831, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40212", "description": "OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.", "cvss_score": 5.4, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://bugs.launchpad.net/skyline-console/+bug/2138575", "source": "cve@mitre.org", "tags": []}, {"url": "https://review.opendev.org/973351", "source": "cve@mitre.org", "tags": []}, {"url": "https://security.openstack.org/ossa/OSSA-2026-006.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/09/30", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T08:16:25.850", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-29043", "description": "HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. 
This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T16:16:30.693", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12024, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22560", "description": "An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://github.com/RocketChat/Rocket.Chat/pull/38994", "source": "support@hackerone.com", "tags": []}, {"url": "https://hackerone.com/reports/3418031", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-10T17:17:01.980", "last_modified": "2026-04-14T19:16:33.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": 
null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35600", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday (which allows <a> and <img> tags), injected Markdown constructs produce phishing links and tracking pixels in legitimate notification emails. This vulnerability is fixed in 2.3.0.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/0f3730d045f20e261e3cdfc6d93c325653395b64", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2580", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-45q4-x4r9-8fqj", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:03.680", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-35602", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries in the zip, an attacker bypasses the configured maximum file size limit. This vulnerability is fixed in 2.3.0.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/pull/2575", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-qh78-rvg3-cv54", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-qh78-rvg3-cv54", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:03.993", "last_modified": "2026-04-14T15:16:29.813", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10733, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35620", "description": "OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. 
The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can invoke /send on|off|inherit to persistently mutate the current session's sendPolicy, and execute /allowlist add commands to modify config-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:04.320", "last_modified": "2026-04-13T20:27:09.027", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17273, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35647", "description": "OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message transmission.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/2383daf5c4a4e08d9553e0e949552ad755ef9ec2", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-direct-message-policy-bypass-via-verification-notices", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.077", "last_modified": "2026-04-13T20:45:57.483", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07805, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-35654", "description": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or reflection.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/c5415a474bb085404c20f8b312e436997977b1ea", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:06.370", "last_modified": "2026-04-13T21:06:55.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07805, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35661", "description": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. 
Remote attackers can exploit weaker callback-only authorization in direct messages to bypass DM pairing and modify session state.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:07.687", "last_modified": "2026-04-13T20:32:13.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11396, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35664", "description": "OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. 
Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:08.240", "last_modified": "2026-04-13T20:39:15.373", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00057, "epss_percentile": 0.1787, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35665", "description": "OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. 
An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-405"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:08.437", "last_modified": "2026-04-13T20:42:44.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00058, "epss_percentile": 0.18045, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40086", "description": "Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can force the server to attempt loading any file as an ONNX model, revealing file existence, permissions, and potentially file contents through error messages. 
This vulnerability is fixed in 2.0.75.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22", "CWE-73"], "affected_products": [], "references": [{"url": "https://github.com/danielgatis/rembg/commit/7c76d3cdc5757ffbda6a76664b24cfbecdb80273", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/danielgatis/rembg/releases/tag/v2.0.75", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/danielgatis/rembg/security/advisories/GHSA-3wqj-33cg-xc48", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:12.663", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00049, "epss_percentile": 0.14902, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40100", "description": "FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. 
This vulnerability is fixed in 4.14.10.3.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:12.997", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14176, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40159", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., MCP(\"npx -y @smithery/cli ...\")). These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent process environment to the spawned subprocess. As a result, any MCP command executed in this manner inherits all environment variables from the host process, including sensitive data such as API keys, authentication tokens, and database credentials. This behavior introduces a security risk when untrusted or third-party commands are used. In common scenarios where MCP tools are invoked via package runners such as npx -y, arbitrary code from external or potentially compromised packages may execute with access to these inherited environment variables. 
This creates a risk of unintended credential exposure and enables potential supply chain attacks through silent exfiltration of secrets. This vulnerability is fixed in 4.5.128.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-214"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pj2r-f9mw-vrcq", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:13.763", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03363, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32893", "description": "Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $_GET parameters via array_merge() and outputs the result via http_build_query() directly into HTML href attributes without htmlspecialchars() encoding. 
This vulnerability is fixed in 2.0.0-RC.3.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/72bc403f89b1ebb73a139f8f6cf0478857592276", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-37jh-g64j-88mc", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:41.953", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33705", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. 
This vulnerability is fixed in 1.11.38.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-538"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/4efb5ee8ed849ca147ca1fe7472ef7b98db17bff", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-5wjg-8x28-px57", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.653", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12648, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33737", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. 
This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-611"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/22b1cb1c609b643765c88654155aba27070c927e", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/af6b7002af7c15825e98fc522e2ead0d00cacaa3", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-c4ww-qgf2-v89j", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:24.560", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07386, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33119", "description": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "microsoft", "product": "edge", "cpe": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*"}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119", "source": "secure@microsoft.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-10T22:16:21.287", "last_modified": "2026-04-14T11:57:14.647", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18985, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3691", "description": "OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow.\n\nThe specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. 
Was ZDI-CAN-29381.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp", "source": "zdi-disclosures@trendmicro.com", "tags": []}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-229/", "source": "zdi-disclosures@trendmicro.com", "tags": []}], "published": "2026-04-11T01:16:16.123", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.19083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3358", "description": "The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `course_enrollment()` functions. Both enrollment endpoints verify the nonce, user authentication, and whether the course is purchasable, but fail to check if the course has a `private` post_status. This makes it possible for authenticated attackers with Subscriber-level access or above to enroll in private courses by sending a crafted POST request with the target course ID. The enrollment record is created in the database and the private course title and enrollment status are exposed in the subscriber's dashboard, though WordPress core access control prevents the subscriber from viewing the actual course content (returns 404). 
Enrollment in private courses should be restricted to users with the `read_private_posts` capability.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L134", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L2066", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L2053", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L2989", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3496394/tutor/trunk/classes/Course.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ftutor/tags/3.9.7&new_path=%2Ftutor/tags/3.9.8", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c173356-7228-4253-bb28-2c2e11af76fd?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:01.770", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18383, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6160", "description": "A vulnerability was found in code-projects 
Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-538"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Simple%20Chatbox%20PHP%20Exposed%20Database%20Backup.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796696", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357040", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357040/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T05:16:05.420", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.0876, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35565", "description": "Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI\n\n\nVersions Affected: before 2.8.6\n\n\nDescription: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization at any 
layer. An authenticated user with topology submission rights could craft a topology containing malicious HTML/JavaScript in component identifiers (e.g., a bolt ID containing an onerror event handler). This payload flows through Nimbus → Thrift → the Visualization API → vis.js tooltip rendering, resulting in stored cross-site scripting. \n\nIn multi-tenant deployments where topology submission is available to less-trusted users but the UI is accessed by operators or administrators, this enables privilege escalation through script execution in an admin's browser session.\n\n\nMitigation: 2.x users should upgrade to 2.8.6. Users who cannot upgrade immediately should monkey-patch the parseNode() and parseEdge() functions in the visualization JavaScript file to HTML-escape all API-supplied values including nodeId, :capacity, :latency, :component, :stream, and :grouping before interpolation into tooltip HTML strings, and should additionally restrict topology submission to trusted users via Nimbus ACLs as a defense-in-depth measure. 
A guide on how to do this is available in the release notes of 2.8.6.\n\nCredit: This issue was discovered while investigating another report by K.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://storm.apache.org/2026/04/12/storm286-released.html", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/12/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T10:16:11.770", "last_modified": "2026-04-13T15:17:33.953", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09347, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-63743", "description": "Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via \"Name\" and \"Surname\" fields. The JavaScript code is executed whenever \"Activity Report\" or modified profile is viewed directly by any user with sufficient permissions. Successful exploitation of this issue requires that the profile's \"Display Name\" is not set. 
The vulnerability is fixed in v8.3.2.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "http://grokability.com", "source": "cve@mitre.org", "tags": []}, {"url": "http://snipe-it.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/grokability/snipe-it/commit/b6d397bcca4e8a05176b782de769d7160058bfc4#diff-7fe056d76c09808dac923c4639161d587c3fff281a01122f3e10c4a781674a65", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/mikust/CVEs/tree/main/CVE-2025-63743", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T16:16:24.487", "last_modified": "2026-04-14T15:16:24.613", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6201", "description": "A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. 
The exploit is publicly available and might be used.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-266", "CWE-284"], "affected_products": [], "references": [{"url": "https://codeastro.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-IDOR.git", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797515", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357123", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357123/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T20:16:47.287", "last_modified": "2026-04-13T20:16:47.287", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10595, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70936", "description": "Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. 
Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user's session.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://www.simonjuguna.com/cve-2025-70936-reflected-xss-vulnerability-in-vtiger-crm-v8-4-0/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.vtiger.com/open-source-crm/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T21:16:23.793", "last_modified": "2026-04-14T16:16:35.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33740", "description": "EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from the repository without verifying that the current user has authorization to access it. Any authenticated user with Email:create and Import permissions can exploit this to read another user's .eml attachment contents by importing them as a new email into the attacker's mailbox, while the original victim attachment record is deleted as a side effect of the import flow. 
This is inconsistent with the standard attachment download path, which enforces ACL checks before returning file data, and is practically exploitable because attachment IDs are commonly exposed in normal UI and API workflows such as stream payloads and download links. This issue is fixed in version 9.3.4.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/espocrm/espocrm/commit/88e3ba6a7b5cab5dbc2298e2a093d3aa383aa95f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/releases/tag/9.3.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-wr7j-hxf8-hc4w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:25.007", "last_modified": "2026-04-13T21:16:25.007", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05422, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33899", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-122", "CWE-191"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:25.170", "last_modified": "2026-04-13T21:16:25.170", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11627, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6219", "description": "A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. 
The vendor was contacted early about this disclosure.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-77"], "affected_products": [], "references": [{"url": "https://gist.github.com/ngocnn97/53a9f251d1cb99b1b8033e211407d1b1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_Command_Injection_PoC.mp4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785843", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785844", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357140", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357140/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T21:16:32.410", "last_modified": "2026-04-13T21:16:32.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00178, "epss_percentile": 0.39341, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33902", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-674"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:28.680", "last_modified": "2026-04-13T22:16:28.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01569, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33905", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when a specific offset is set through the `sample:offset` define that could lead to an out of bounds read. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:28.837", "last_modified": "2026-04-13T22:16:28.837", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40183", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16 bit floats. 
This issue has been fixed in version 7.1.2-19.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:29.643", "last_modified": "2026-04-13T22:16:29.643", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01569, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40310", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:29.790", "last_modified": "2026-04-13T22:16:29.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40311", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. 
This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-416", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:29.950", "last_modified": "2026-04-13T22:16:29.950", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03181, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34069", "description": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. 
The RequestMacroChain::handle handler selects the locator based only on \"is on main chain\", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-617"], "affected_products": [], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/commit/ae6c1e92342e72f80fd12accbe66ee80dd6802ac", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3660", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-48m6-486p-9j8p", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T00:16:07.023", "last_modified": "2026-04-14T00:16:07.023", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11627, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31924", "description": "Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.\n\ntencent-cloud-cls log export uses plaintext HTTP\nThis issue affects Apache APISIX: from 2.99.0 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue.", "cvss_score": 5.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-319"], "affected_products": [], "references": 
[{"url": "https://lists.apache.org/thread/sqxjjlt87c1q28db28ztdxylm5pgwohq", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/14/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-14T09:16:35.953", "last_modified": "2026-04-14T20:16:38.340", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02003, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 15.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24069", "description": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": []}, {"url": "http://seclists.org/fulldisclosure/2026/Apr/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-14T12:16:20.247", "last_modified": "2026-04-14T19:16:33.553", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4914", "description": "Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "tags": []}], "published": "2026-04-14T15:16:39.750", "last_modified": "2026-04-14T15:16:39.750", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-23104", "description": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:28.723", "last_modified": "2026-04-14T16:16:28.723", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-61886", "description": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-109", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:31.800", "last_modified": "2026-04-14T16:16:31.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27285", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:48.200", "last_modified": "2026-04-14T17:16:48.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27286", "description": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T17:16:48.357", "last_modified": "2026-04-14T17:16:48.357", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-20806", "description": "Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:42.540", "last_modified": "2026-04-14T18:16:42.540", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27258", "description": "DNG SDK versions 1.7.1 
2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/dng-sdk/apsb26-41.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:56.247", "last_modified": "2026-04-14T18:16:56.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27288", "description": "Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. 
Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T18:16:56.450", "last_modified": "2026-04-14T19:16:33.933", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27930", "description": "Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27930", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:04.747", "last_modified": "2026-04-14T18:17:04.747", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27931", 
"description": "Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27931", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:06.280", "last_modified": "2026-04-14T18:17:06.280", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32079", "description": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32079", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:10.327", "last_modified": "2026-04-14T18:17:10.327", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32081", "description": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32081", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:10.850", "last_modified": "2026-04-14T18:17:10.850", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32084", "description": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32084", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:11.833", "last_modified": "2026-04-14T18:17:11.833", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, 
"ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32085", "description": "Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32085", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:12.217", "last_modified": "2026-04-14T18:17:12.217", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32181", "description": "Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-269"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32181", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:20.453", "last_modified": "2026-04-14T18:17:20.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": 
"Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32212", "description": "Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-59", "CWE-269"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:27.900", "last_modified": "2026-04-14T18:17:27.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32214", "description": "Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32214", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:28.250", "last_modified": "2026-04-14T18:17:28.250", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, 
"epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32215", "description": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32215", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:28.597", "last_modified": "2026-04-14T18:17:28.597", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32216", "description": "Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-476"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32216", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:28.880", "last_modified": "2026-04-14T18:17:28.880", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 
0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32217", "description": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32217", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:29.050", "last_modified": "2026-04-14T18:17:29.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32218", "description": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32218", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:29.393", "last_modified": "2026-04-14T18:17:29.393", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33103", "description": "Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:33.000", "last_modified": "2026-04-14T18:17:33.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34623", "description": "Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. 
Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T19:16:37.903", "last_modified": "2026-04-14T19:16:37.903", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34624", "description": "Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. 
Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T19:16:38.087", "last_modified": "2026-04-14T19:16:38.087", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34625", "description": "Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. 
Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.", "cvss_score": 5.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T19:16:38.293", "last_modified": "2026-04-14T19:16:38.293", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27222", "description": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss_score": 5.5, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-369"], "affected_products": [], "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "source": "psirt@adobe.com", "tags": []}], "published": "2026-04-14T20:16:32.927", "last_modified": "2026-04-14T20:16:32.927", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 16, "ats_level": "INFO", "ats_breakdown": {"severity": 16.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0243", "description": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-787"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783", "source": "security@mozilla.org", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.973", "last_modified": "2026-04-13T15:16:34.457", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08357, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4089", "description": "Due to insufficient escaping of special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-77"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198", "source": "security@mozilla.org", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-04-29T14:15:35.537", "last_modified": "2026-04-13T15:17:00.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00068, "epss_percentile": 0.20793, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34881", "description": "OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). 
By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "openstack", "product": "glance", "cpe": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*"}, {"vendor": "openstack", "product": "glance", "cpe": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*"}, {"vendor": "openstack", "product": "glance", "cpe": "cpe:2.3:a:openstack:glance:31.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugs.launchpad.net/glance/+bug/2138602", "source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://security.openstack.org/ossa/OSSA-2026-004.html", "source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://bugs.launchpad.net/glance/+bug/2138602", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}], "published": "2026-03-31T06:16:01.130", "last_modified": "2026-04-14T01:51:48.620", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08111, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34526", "description": "SillyTavern is a locally installed user interface that allows users to interact with text generation large language 
models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\\d+\\.\\d+\\.\\d+\\.\\d+$/. This only matches literal dotted-quad IPv4 (e.g. 127.0.0.1, 10.0.0.1). It does not catch: localhost (hostname, not dotted-quad), [::1] (IPv6 loopback), and DNS names resolving to internal addresses (e.g. localtest.me -> 127.0.0.1). A separate port check (urlObj.port !== '') limits exploitation to services on default ports (80/443), making this lower severity than a fully unrestricted SSRF. This issue has been patched in version 1.17.0.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "sillytavern", "product": "sillytavern", "cpe": "cpe:2.3:a:sillytavern:sillytavern:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wm7j-m6jm-8797", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}, {"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wm7j-m6jm-8797", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-04-02T18:16:29.917", "last_modified": "2026-04-13T18:39:45.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08346, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-34061", "description": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0.", "cvss_score": 4.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-345"], "affected_products": [{"vendor": "nimiq", "product": "core-rs-albatross", "cpe": "cpe:2.3:a:nimiq:core-rs-albatross:*:*:*:*:*:rust:*:*"}], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3668", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-03T23:17:03.940", "last_modified": "2026-04-13T17:41:37.357", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.0622, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 14.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-5704", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "source": "secalert@redhat.com", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/11/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/11/11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/12/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-06T16:16:42.140", "last_modified": "2026-04-12T06:16:21.607", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06962, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-35516", "description": "LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "linkace", "product": "linkace", "cpe": "cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-4jhm-r4f5-p7xm", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-4jhm-r4f5-p7xm", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-07T16:16:27.937", "last_modified": "2026-04-14T20:27:53.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39521", "description": "Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a 
through <= 4.3.1.", "cvss_score": 4.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/nelio-content/vulnerability/wordpress-nelio-content-plugin-4-3-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.793", "last_modified": "2026-04-13T16:16:30.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 14.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34757", "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). 
This vulnerability is fixed in 1.6.57.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/pnggroup/libpng/issues/836", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/pnggroup/libpng/issues/837", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T15:16:11.003", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01702, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35634", "description": "OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. 
Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:32.380", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06577, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4979", "description": "The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the process_image_crop() method when processing avatar/banner image crop operations. 
The function accepts a user-controlled URL via the uwp_crop POST parameter and only validates it using esc_url() for sanitization and wp_check_filetype() for extension verification, without enforcing that the URL references a local uploads file. The URL is then passed to uwp_resizeThumbnailImage() which uses it in PHP image processing functions (getimagesize(), imagecreatefrom*()) that support URL wrappers and perform outbound HTTP requests. This makes it possible for authenticated attackers with subscriber-level access and above to coerce the WordPress server into making arbitrary HTTP requests to attacker-controlled or internal network destinations, enabling internal network scanning and potential access to sensitive services.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/AyeCode/userswp/commit/ca0c81b9c76a26c5ac78a8f3604cf9122a7a4aa1", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/includes/class-forms.php#L198", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.55/includes/helpers/misc.php#L136", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/class-forms.php#L198", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/helpers/misc.php#L136", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd2b3fd-1bca-4611-9753-ccb57b0e36a4?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:02.463", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 
0.00031, "epss_percentile": 0.08927, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40447", "description": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554", "source": "PSIRT@samsung.com", "tags": []}], "published": "2026-04-13T06:16:06.790", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02086, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34866", "description": "Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-120"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T07:16:50.127", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00412, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34238", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.", "cvss_score": 5.1, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-190", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T22:16:29.310", "last_modified": "2026-04-13T22:16:29.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": 
"Execution"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27673", "description": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.", "cvss_score": 4.9, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3703813", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:05.477", "last_modified": "2026-04-14T00:16:05.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08847, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 14.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34262", "description": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-522"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3730639", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T01:16:04.050", "last_modified": 
"2026-04-14T01:16:04.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39418", "description": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the sandbox's banned hosts configuration. MaxKB's sandbox uses LD_PRELOAD to hook the connect() function and block connections to banned IPs, but Linux's sendto() with the MSG_FASTOPEN flag can establish TCP connections directly through the kernel without ever calling connect(), completely bypassing the IP validation. Although sendto is listed in the syscall() wrapper, this is ineffective because glibc invokes the kernel syscall directly rather than routing through the hooked syscall() function. 
This issue has been fixed in version 2.8.0.", "cvss_score": 5.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/4d06362750b15390437f1d2e4d14ec79baef8559", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-w9g4-q3gm-6q6w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T01:16:04.353", "last_modified": "2026-04-14T01:16:04.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07651, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 15.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39811", "description": "An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via an attack vector that the source record does not specify.", "cvss_score": 4.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.310", "last_modified": "2026-04-14T16:16:45.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 14.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22692", "description": "October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To workaround this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only.", "cvss_score": 4.9, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-m5qg-jc75-4jp6", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T17:16:28.423", "last_modified": "2026-04-14T17:16:28.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 15, "ats_level": "INFO", "ats_breakdown": {"severity": 14.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2022-27672", "description": "When SMT is 
enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "amd", "product": "athlon_x4_750_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_750_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_760k_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_760k_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_830_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_830_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_840_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_840_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_860k_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_860k_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_870k_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_870k_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_880k_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_880k_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_835_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_835_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_845_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_845_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_940_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_940_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_950_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_950_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_x4_970_firmware", "cpe": "cpe:2.3:o:amd:athlon_x4_970_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_pro_5995wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_pro_5975w_firmware", "cpe": 
"cpe:2.3:o:amd:ryzen_threadripper_pro_5975w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_pro_5965wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_pro_5955wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_pro_5945wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_2990wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_2970wx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_2950x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_2920x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_3960x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_3970x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_threadripper_3990x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a12-9730p_firmware", "cpe": "cpe:2.3:o:amd:a12-9730p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a12-9700p_firmware", "cpe": "cpe:2.3:o:amd:a12-9700p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a10-9630p_firmware", "cpe": "cpe:2.3:o:amd:a10-9630p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a10-9600p_firmware", "cpe": "cpe:2.3:o:amd:a10-9600p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": 
"a9-9420_firmware", "cpe": "cpe:2.3:o:amd:a9-9420_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a9-9410_firmware", "cpe": "cpe:2.3:o:amd:a9-9410_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a6-9220_firmware", "cpe": "cpe:2.3:o:amd:a6-9220_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a6-9220c_firmware", "cpe": "cpe:2.3:o:amd:a6-9220c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a6-9210_firmware", "cpe": "cpe:2.3:o:amd:a6-9210_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a4-9120_firmware", "cpe": "cpe:2.3:o:amd:a4-9120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "a4-9120c_firmware", "cpe": "cpe:2.3:o:amd:a4-9120c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_2700x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_2700x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_2700_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_2700_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_2600x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_2600_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_1200_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_1200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_2300x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_2300x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_1600_af_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_1600_af_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_2500x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_2500x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_2700e_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_2700e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_3100_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_3300x_firmware", "cpe": 
"cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3500_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3500x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3600_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3600x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3600xt_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3700x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3800x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3800xt_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_3900_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_3900x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_3900xt_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_3950x_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_pro_3900_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_pro_3900_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_4700g_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_4600g_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_4300g_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": 
"ryzen_7_4700ge_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_4600ge_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_4300ge_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_2800h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_2800h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_2700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_2700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_2600h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_2600h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_2500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_2500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_2300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_2300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_2200u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_2200u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_silver_3050e_firmware", "cpe": "cpe:2.3:o:amd:athlon_silver_3050e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_pro_3045b_firmware", "cpe": "cpe:2.3:o:amd:athlon_pro_3045b_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_silver_3050u_firmware", "cpe": "cpe:2.3:o:amd:athlon_silver_3050u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_silver_3050c_firmware", "cpe": "cpe:2.3:o:amd:athlon_silver_3050c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_pro_3145b_firmware", "cpe": "cpe:2.3:o:amd:athlon_pro_3145b_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_gold_3150u_firmware", "cpe": "cpe:2.3:o:amd:athlon_gold_3150u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_gold_3150c_firmware", "cpe": "cpe:2.3:o:amd:athlon_gold_3150c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3780u_firmware", 
"cpe": "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3750h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_pro_3700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_3700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3580u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3550h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_pro_3500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_pro_3500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_3500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_pro_3300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_pro_3300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_3300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_3250u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_3250u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_3200u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_3200u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_pro_3700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_pro_3500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_pro_3500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_pro_3300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_pro_3300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_pro_300u_firmware", "cpe": "cpe:2.3:o:amd:athlon_pro_300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_4800u_firmware", "cpe": 
"cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_4700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_4600u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_4500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_4300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_4900h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_4800h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_4600h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_5980hx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_5980hs_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_5900hx_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_9_5900hs_firmware", "cpe": "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_5800h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_5800hs_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_pro_5850u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_pro_5850u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_5825u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_7_5800u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", 
"product": "ryzen_7_5700u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_5600h_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_5600hs_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_5625u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_5600u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_5_5500u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_5425u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_5425u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_5400u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "ryzen_3_5300u_firmware", "cpe": "cpe:2.3:o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_gold_7220u_firmware", "cpe": "cpe:2.3:o:amd:athlon_gold_7220u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_silver_7120u_firmware", "cpe": "cpe:2.3:o:amd:athlon_silver_7120u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_gold_3150u_firmware", "cpe": "cpe:2.3:o:amd:athlon_gold_3150u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "athlon_silver_3050u_firmware", "cpe": "cpe:2.3:o:amd:athlon_silver_3050u_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7232p_firmware", "cpe": "cpe:2.3:o:amd:epyc_7232p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7302p_firmware", "cpe": "cpe:2.3:o:amd:epyc_7302p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7402p_firmware", "cpe": "cpe:2.3:o:amd:epyc_7402p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7502p_firmware", "cpe": 
"cpe:2.3:o:amd:epyc_7502p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7702p_firmware", "cpe": "cpe:2.3:o:amd:epyc_7702p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7252_firmware", "cpe": "cpe:2.3:o:amd:epyc_7252_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7262_firmware", "cpe": "cpe:2.3:o:amd:epyc_7262_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7272_firmware", "cpe": "cpe:2.3:o:amd:epyc_7272_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7282_firmware", "cpe": "cpe:2.3:o:amd:epyc_7282_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7302_firmware", "cpe": "cpe:2.3:o:amd:epyc_7302_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7352_firmware", "cpe": "cpe:2.3:o:amd:epyc_7352_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7402_firmware", "cpe": "cpe:2.3:o:amd:epyc_7402_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7452_firmware", "cpe": "cpe:2.3:o:amd:epyc_7452_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7502_firmware", "cpe": "cpe:2.3:o:amd:epyc_7502_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7532_firmware", "cpe": "cpe:2.3:o:amd:epyc_7532_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7542_firmware", "cpe": "cpe:2.3:o:amd:epyc_7542_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7552_firmware", "cpe": "cpe:2.3:o:amd:epyc_7552_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7642_firmware", "cpe": "cpe:2.3:o:amd:epyc_7642_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7662_firmware", "cpe": "cpe:2.3:o:amd:epyc_7662_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7702_firmware", "cpe": "cpe:2.3:o:amd:epyc_7702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7742_firmware", "cpe": "cpe:2.3:o:amd:epyc_7742_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7h12_firmware", 
"cpe": "cpe:2.3:o:amd:epyc_7h12_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7f32_firmware", "cpe": "cpe:2.3:o:amd:epyc_7f32_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7f52_firmware", "cpe": "cpe:2.3:o:amd:epyc_7f52_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_7f72_firmware", "cpe": "cpe:2.3:o:amd:epyc_7f72_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3451_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3451_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3551_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3551_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3255_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3255_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3251_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3251_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3201_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3201_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3151_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3151_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_3101_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_3101_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7601_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7601_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7551_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7551_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7501_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7501_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7451_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7451_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7401_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7401_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": 
"epyc_embedded_7371_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7371_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7351_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7351_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7301_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7301_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7281_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7281_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7261_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7261_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_7251_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_7251_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_755p_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_755p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_740p_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_740p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "amd", "product": "epyc_embedded_735p_firmware", "cpe": "cpe:2.3:o:amd:epyc_embedded_735p_firmware:-:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.gentoo.org/glsa/202402-07", "source": "psirt@amd.com", "tags": []}, {"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045", "source": "psirt@amd.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "http://xenbits.xen.org/xsa/advisory-426.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://security.gentoo.org/glsa/202402-07", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"]}], "published": "2023-03-01T08:15:10.343", "last_modified": "2026-04-13T20:16:23.773", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0012, 
"epss_percentile": 0.3089, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-4087", "description": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-04-29T14:15:35.357", "last_modified": "2026-04-13T15:17:00.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00436, "epss_percentile": 0.63028, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5264", "description": "Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-77"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-43/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.200", "last_modified": "2026-04-13T15:17:03.793", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00134, "epss_percentile": 0.33016, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5265", "description": "Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.\n*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. 
This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-77"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1962301", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-43/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}], "published": "2025-05-27T13:15:22.303", "last_modified": "2026-04-13T15:17:04.010", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18414, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40891", "description": "A Stored HTML Injection 
vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "nozominetworks", "product": "cmc", "cpe": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*"}, {"vendor": "nozominetworks", "product": "guardian", "cpe": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.nozominetworks.com/NN-2025:12-01", "source": "prodsec@nozominetworks.com", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2025-12-18T14:15:59.270", "last_modified": "2026-04-14T10:16:26.790", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12182, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27854", "description": "An attacker might be able to trigger a 
use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:28.053", "last_modified": "2026-04-14T16:09:48.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01319, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3468", "description": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "sonicwall", "product": "email_security", "cpe": 
"cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T21:16:32.950", "last_modified": "2026-04-13T16:50:20.080", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14059, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34561", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple configuration fields, including Social Media and Social Media Link, accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. 
This issue has been patched in version 0.31.0.0.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "cpe": "cpe:2.3:a:ci4-cms-erp:ci4ms:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-gcfj-cf7j-vwgj", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-04-01T22:16:19.490", "last_modified": "2026-04-13T17:56:09.093", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14317, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39484", "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-7-0-00-open-redirection-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:23.110", "last_modified": "2026-04-14T16:16:44.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5838", "description": "A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/27", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789908", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356294", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356294/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:05.580", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07653, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5839", "description": "A vulnerability was identified in PHPGurukul News Portal Project 4.1. 
This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/28", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789912", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356295", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356295/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:05.780", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07653, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5840", "description": "A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. 
The exploit has been released to the public and may be used for attacks.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/29", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/789913", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356296", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356296/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:05.987", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07653, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5848", "description": "A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The attack may be initiated remotely. The exploit has been made public and could be used. 
The vendor confirmed the issue and will provide a fix in the upcoming release.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-74", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/jeecgboot/jimureport/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/jeecgboot/jimureport/issues/4587", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/jeecgboot/jimureport/issues/4587#issuecomment-4152596778", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/790769", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356374", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356374/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T06:16:23.070", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15556, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35623", "description": "OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. 
Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication and gain unauthorized access.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/5e08ce36d522a1c96df2bfe88e39303ae2643d92", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq8g-hgh6-87hv", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:30.530", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14463, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35628", "description": "OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. 
The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/c2c136ae9517ddd0789d742a0fdf4c10e8c729a7", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vcx4-4qxg-mfp4", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:31.423", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11148, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35635", "description": "OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. 
Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-706"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:32.567", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08118, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35646", "description": "OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. 
The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:34.223", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17206, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5987", "description": "A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler. Such manipulation leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-791", "CWE-1336"], "affected_products": [], "references": [{"url": "https://github.com/sanluan/PublicCMS/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/sanluan/PublicCMS/issues/113", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/792385", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356541", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356541/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T23:17:02.133", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.12891, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40223", "description": "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-696"], "affected_products": [], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:32.930", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02048, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35659", "description": "OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-345"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:07.277", "last_modified": "2026-04-13T19:21:30.433", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00406, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32932", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:42.590", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07812, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34857", "description": "UAF vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], 
"references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.520", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.0022, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33657", "description": "EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrary HTML into system-generated email notifications by crafting malicious content in the post field of stream activity notes. The vulnerability exists because server-side Handlebars templates render the post field using unescaped triple-brace syntax, the Markdown processor preserves inline HTML by default, and the rendering pipeline explicitly skips sanitization for fields present in additionalData, creating a path where attacker-controlled HTML is accepted, stored, and rendered directly into emails without any escaping. 
Since the emails are sent using the system's configured SMTP identity (such as an administrative sender address), the injected content appears fully trusted to recipients, enabling phishing attacks, user tracking via embedded resources like image beacons, and UI manipulation within email content. The @mention feature further increases the impact by allowing targeted delivery of malicious emails to specific users. This issue has been fixed in version 9.3.4.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-80", "CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/espocrm/espocrm/releases/tag/9.3.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8prm-r5j9-j574", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8prm-r5j9-j574", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T20:16:34.143", "last_modified": "2026-04-13T21:16:24.627", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07972, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6220", "description": "A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", "cvss_score": 4.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785855", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357141", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357141/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T22:16:30.550", "last_modified": "2026-04-13T22:16:30.550", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.0941, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39417", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path (loading MCP config from the database). The else branch, responsible for loading mcp_servers directly from user-supplied JSON remains completely unpatched. Since mcp_source is an optional field (required=False), an attacker can simply omit it or set it to any non-referencing value to bypass the fix. 
By calling the workflow creation API directly with a crafted JSON payload, an attacker can inject a complete MCP node configuration with stdio transport, arbitrary command, and args — achieving RCE when the workflow is triggered via chat. This issue has been fixed in version 2.8.0.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-20", "CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/50e96002ee5dca34c68d3d9333b64ea358c92304", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-pw52-326g-r5xj", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T00:16:07.193", "last_modified": "2026-04-14T00:16:07.193", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18582, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22154", "description": "An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site 
scripting (XSS) attack via crafted HTTP Requests.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:36.077", "last_modified": "2026-04-14T16:16:36.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39812", "description": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>", "cvss_score": 4.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:45.490", "last_modified": "2026-04-14T16:16:45.490", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", 
"tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 14.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-20928", "description": "Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-212"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20928", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:42.870", "last_modified": "2026-04-14T18:16:42.870", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-20945", "description": "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:43.737", "last_modified": "2026-04-14T18:16:43.737", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26175", "description": "Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.", "cvss_score": 4.6, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-908"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26175", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:52.700", "last_modified": "2026-04-14T18:16:52.700", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 14, "ats_level": "INFO", "ats_breakdown": {"severity": 13.8, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-23108", "description": "Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. 
This vulnerability was fixed in Firefox for iOS 134.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933172", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-06/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-11T04:15:06.280", "last_modified": "2026-04-13T15:16:54.423", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00768, "epss_percentile": 0.73485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1019", "description": "The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. 
This vulnerability was fixed in Firefox 135 and Thunderbird 135.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1021", "CWE-1021"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940162", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-02-04T14:15:32.850", "last_modified": "2026-04-13T15:16:51.027", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00288, "epss_percentile": 0.52224, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1935", "description": "A web page could trick a user into setting that site as the default handler for a custom URL protocol. 
This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866661", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-03-04T14:15:38.390", "last_modified": "2026-04-13T15:16:52.633", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00189, "epss_percentile": 0.40715, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-27424", "description": "Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1945392", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.397", "last_modified": "2026-04-13T15:16:55.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00379, "epss_percentile": 0.59426, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-27425", "description": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. 
This vulnerability was fixed in Firefox for iOS 136.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-287"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941525", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-03-04T14:15:39.493", "last_modified": "2026-04-13T15:16:55.310", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00403, "epss_percentile": 0.60849, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5020", "description": "Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. 
This vulnerability was fixed in Firefox for iOS 139.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-939"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951558", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-39/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-05-21T18:15:53.840", "last_modified": "2026-04-13T15:17:03.370", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00181, "epss_percentile": 0.39747, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5263", "description": "Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. 
This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:-:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-43/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.100", "last_modified": "2026-04-13T15:17:03.563", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00183, "epss_percentile": 0.4003, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": 
"INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-5266", "description": "Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "source": "security@mozilla.org", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-05-27T13:15:22.403", "last_modified": "2026-04-13T15:17:04.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00434, "epss_percentile": 0.62855, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6425", "description": "An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-52/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html", 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-06-24T13:15:23.403", "last_modified": "2026-04-13T15:17:06.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00113, "epss_percentile": 0.29837, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6428", "description": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. 
This vulnerability was fixed in Firefox 140.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970151", "source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-06-24T13:15:23.770", "last_modified": "2026-04-13T15:17:06.867", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00062, "epss_percentile": 0.19313, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-6434", "description": "The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. 
This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-1021"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955182", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org", "tags": []}], "published": "2025-06-24T13:15:24.447", "last_modified": "2026-04-13T15:17:07.977", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14346, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8364", "description": "A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.\n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. 
This vulnerability was fixed in Firefox 141.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909609", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1969937", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-08-19T21:15:29.510", "last_modified": "2026-04-13T15:17:13.173", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09991, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13753", "description": "The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table() function in all versions up to, and including, 2.0.19. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new wptb-table posts.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3432381/wp-table-builder", "source": "security@wordfence.com", "tags": []}, {"url": "https://research.cleantalk.org/cve-2025-13753/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95f49080-2263-4f6d-9372-30137efd8e10?source=cve", "source": "security@wordfence.com", "tags": []}, {"url": "https://research.cleantalk.org/cve-2025-13753/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-01-09T08:15:56.833", "last_modified": "2026-04-14T16:16:29.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01829, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0887", "description": "Clickjacking issue, information disclosure in the PDF Viewer component. 
This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-01-13T14:16:39.240", "last_modified": "2026-04-13T15:17:17.927", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02694, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1213", "description": "All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to 
modify the profile picture of other application users. This issue affects askbot: 0.12.2.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [{"vendor": "askbot", "product": "askbot", "cpe": "cpe:2.3:a:askbot:askbot:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://askbot.com/", "source": "help@fluidattacks.com", "tags": ["Product"]}, {"url": "https://fluidattacks.com/advisories/ghost", "source": "help@fluidattacks.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d", "source": "help@fluidattacks.com", "tags": ["Patch"]}], "published": "2026-01-27T14:15:55.887", "last_modified": "2026-04-14T14:58:57.673", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02872, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0818", "description": "When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. 
This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-116", "CWE-200", "CWE-352"], "affected_products": [{"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881530", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-07/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-08/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-01-28T08:16:03.113", "last_modified": "2026-04-13T15:17:15.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 7e-05, "epss_percentile": 0.00509, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}, {"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-61658", "description": "Vulnerability in Wikimedia Foundation CheckUser. 
This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.\n\nThis issue affects CheckUser: from * before 1.43.4, 1.44.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "mediawiki", "product": "checkuser", "cpe": "cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*"}, {"vendor": "mediawiki", "product": "checkuser", "cpe": "cpe:2.3:a:mediawiki:checkuser:1.44.0:*:*:*:*:mediawiki:*:*"}], "references": [{"url": "https://phabricator.wikimedia.org/T404805", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Permissions Required"]}], "published": "2026-02-03T02:16:08.303", "last_modified": "2026-04-14T14:47:54.713", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00093, "epss_percentile": 0.25979, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-67476", "description": "Vulnerability in Wikimedia Foundation MediaWiki. 
This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.\n\nThis issue affects MediaWiki: from * before 1.44.3, 1.45.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": [], "affected_products": [{"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}, {"vendor": "mediawiki", "product": "mediawiki", "cpe": "cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://phabricator.wikimedia.org/T405859", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Permissions Required"]}], "published": "2026-02-03T02:16:08.590", "last_modified": "2026-04-14T14:43:58.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05488, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2032", "description": "Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. 
This vulnerability was fixed in Firefox for iOS 147.2.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012152", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-09/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-16T15:18:34.620", "last_modified": "2026-04-13T15:17:19.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09484, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2802", "description": "Race condition in the JavaScript: GC component. 
This vulnerability was fixed in Firefox 148 and Thunderbird 148.", "cvss_score": 4.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011069", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2026-02-24T14:16:28.703", "last_modified": "2026-04-13T15:17:31.320", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08651, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40894", "description": "A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.\n\n\n\nA malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. 
Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [{"vendor": "nozominetworks", "product": "cmc", "cpe": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*"}, {"vendor": "nozominetworks", "product": "guardian", "cpe": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://security.nozominetworks.com/NN-2025:16-01", "source": "prodsec@nozominetworks.com", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2026-03-04T14:16:13.657", "last_modified": "2026-04-14T10:16:27.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10055, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2919", "description": "Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. 
This vulnerability was fixed in Focus for iOS 148.2.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975842", "source": "security@mozilla.org", "tags": []}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-18/", "source": "security@mozilla.org", "tags": []}], "published": "2026-03-09T14:16:10.017", "last_modified": "2026-04-13T15:17:32.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.00983, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2017-20221", "description": "Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. 
Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "telesquare", "product": "sdt-cs3b1_firmware", "cpe": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2017120299", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136839", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/145550", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/43400/", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-execution", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-03-16T14:17:51.913", "last_modified": "2026-04-14T17:29:56.040", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05175, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33238", "description": "WWBN AVideo is an open source video platform. 
Prior to version 26.0, the `listFiles.json.php` endpoint accepts a `path` POST parameter and passes it directly to `glob()` without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating `.mp4` filenames and their full absolute filesystem paths wherever they exist on the server — including locations outside the web root, such as private or premium media directories. Version 26.0 contains a patch for the issue.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/commit/870cf24a7632d4f1a5d5549b59103c18f39e3a21", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/WWBN/AVideo/issues/10403", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-4wmm-6qxj-fpj4", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-03-21T00:16:26.700", "last_modified": "2026-04-13T18:16:29.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14209, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34450", "description": "The Claude SDK for Python provides access to the Claude API from Python applications. 
From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify memory files to influence subsequent model behavior. Both the synchronous and asynchronous memory tool implementations were affected. This issue has been patched in version 0.87.0.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-276", "CWE-732"], "affected_products": [{"vendor": "anthropic", "product": "claude_sdk_for_python", "cpe": "cpe:2.3:a:anthropic:claude_sdk_for_python:*:*:*:*:*:python:*:*"}], "references": [{"url": "https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/anthropics/anthropic-sdk-python/releases/tag/v0.87.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/anthropics/anthropic-sdk-python/security/advisories/GHSA-q5f5-3gjm-7mfm", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T22:16:19.987", "last_modified": "2026-04-13T15:10:50.597", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, "epss_percentile": 0.00712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22662", "description": "prompts.chat prior to commit 1464475 contains 
a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests to the /api/media-generate endpoint to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "fka", "product": "prompts.chat", "cpe": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/f/prompts.chat/commit/1464475df2698fb7ccd0cdbc382b0750466f891d", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1102", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-blind-ssrf-via-media-generate", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-03T21:17:09.163", "last_modified": "2026-04-13T18:18:49.627", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08094, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2016-20054", "description": "Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. 
Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-352"], "affected_products": [{"vendor": "nodcms", "product": "nodcms", "cpe": "cpe:2.3:a:nodcms:nodcms:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.exploit-db.com/exploits/40707", "source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"]}], "published": "2026-04-04T20:16:15.940", "last_modified": "2026-04-14T16:15:22.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35181", "description": "WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck(), removing the only other layer of defense. 
Combined with SameSite=None cookies, a cross-origin POST can modify the video player appearance on the entire platform.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-4q27-4rrq-fx95", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-4q27-4rrq-fx95", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T20:16:26.393", "last_modified": "2026-04-14T19:57:50.827", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03356, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39469", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data. This issue affects PageLayer: from n/a through <= 2.0.8.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/pagelayer/vulnerability/wordpress-pagelayer-plugin-2-0-8-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published":
"2026-04-08T09:16:21.970", "last_modified": "2026-04-14T16:16:44.500", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39476", "description": "Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Feedback: from n/a through <= 1.10.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/userfeedback-lite/vulnerability/wordpress-user-feedback-plugin-1-10-1-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.393", "last_modified": "2026-04-13T17:16:29.717", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39477", "description": "Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CartFlows: from n/a through <= 2.2.3.", "cvss_score":
4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/cartflows/vulnerability/wordpress-cartflows-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:22.527", "last_modified": "2026-04-13T19:16:43.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08291, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39506", "description": "Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Engine (Pro): from n/a through < 3.4.2.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/ai-engine-pro/vulnerability/wordpress-ai-engine-pro-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:24.790", "last_modified": "2026-04-13T19:16:43.970", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08291, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control
Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39618", "description": "Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery. This issue affects NewsExo: from n/a through <= 7.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/newsexo/vulnerability/wordpress-newsexo-theme-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:31.730", "last_modified": "2026-04-14T15:16:35.340", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01302, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39653", "description": "Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url":
"https://patchstack.com/database/Wordpress/Plugin/video-conferencing-with-zoom-api/vulnerability/wordpress-video-conferencing-with-zoom-plugin-4-6-6-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:36.457", "last_modified": "2026-04-13T19:16:47.330", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08291, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24511", "description": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. 
A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-209"], "affected_products": [{"vendor": "dell", "product": "powerscale_onefs", "cpe": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*"}, {"vendor": "dell", "product": "powerscale_onefs", "cpe": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "source": "security_alert@emc.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T13:16:40.367", "last_modified": "2026-04-13T11:38:48.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00411, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39415", "description": "Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated scores, which can be altered using browser developer tools prior to sending the submission request. While this does not allow modification of other users’ data or privilege escalation, it compromises the integrity of quiz results and undermines academic reliability. 
This issue affects data integrity but does not expose confidential information or allow unauthorized access to other accounts. This vulnerability is fixed in 2.46.0.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-602"], "affected_products": [{"vendor": "frappe", "product": "learning", "cpe": "cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/frappe/lms/security/advisories/GHSA-9573-68xq-hwrx", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-08T21:16:59.033", "last_modified": "2026-04-13T11:28:16.030", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00096, "epss_percentile": 0.2656, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40025", "description": "The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. 
An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [{"vendor": "sleuthkit", "product": "the_sleuth_kit", "cpe": "cpe:2.3:a:sleuthkit:the_sleuth_kit:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/sleuthkit/sleuthkit/commit/8b9c9e7d493bd68624f3b1a3963edd45c3ff7611", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/sleuthkit/sleuthkit/pull/3444", "source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"]}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/sleuth-kit-apfs-keybag-parser-out-of-bounds-read", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-08T22:16:22.603", "last_modified": "2026-04-13T20:28:29.893", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01556, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40026", "description": "The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. 
An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/sleuthkit/sleuthkit/commit/a95b0ac21733b059a517aaefa667a17e1bcbdee1", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/sleuthkit/sleuthkit/pull/3445", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://mobasi.ai/sentinel", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/sleuth-kit-iso9660-susp-extension-reference-out-of-bounds-read", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-08T22:16:22.780", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0244, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5808", "description": "A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. 
The patch is identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://gist.github.com/TrebledJ/ab83abb1ca7ff6c1f39e16a37020f323", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/openstatusHQ/openstatus/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/openstatusHQ/openstatus/commit/43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/openstatusHQ/openstatus/pull/1981", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787321", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356245", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356245/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T22:16:24.867", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11801, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5864", "description": "Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from 
process memory via a crafted HTML page. (Chromium security severity: High)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-122", "CWE-122"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/490642831", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:25.907", "last_modified": "2026-04-14T13:16:22.657", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, "epss_percentile": 0.18319, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5867", "description": "Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/492668885", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.247", "last_modified": "2026-04-14T13:16:22.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08111, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5869", "description": "Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: High)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-122"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/493708165", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:26.470", "last_modified": "2026-04-14T13:16:23.037", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08111, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5875", "description": "Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/430198264", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.110", "last_modified": "2026-04-13T17:55:24.720", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06904, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5878", "description": "Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/365089001", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.440", "last_modified": "2026-04-14T20:02:04.140", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06428, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5880", "description": "Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/424995036", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.650", "last_modified": "2026-04-14T20:01:46.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05908, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5882", "description": "Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/480993682", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:27.847", "last_modified": "2026-04-14T20:01:27.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06428, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5887", "description": "Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20", "CWE-20"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486079015", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.553", "last_modified": "2026-04-13T21:17:32.733", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10167, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5889", "description": "Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-326"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/486906037", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.783", "last_modified": "2026-04-14T11:45:17.880", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00423, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5891", "description": "Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/487471101", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:28.990", "last_modified": "2026-04-14T11:44:52.557", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16774, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5894", "description": "Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-358"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/481882038", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.290", "last_modified": "2026-04-14T17:06:45.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05436, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5897", "description": "Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/419921726", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.597", "last_modified": "2026-04-13T21:17:16.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.0725, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5898", "description": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/470295118", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.690", "last_modified": "2026-04-13T21:17:07.427", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.0725, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5900", "description": "Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass multi-download protections via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/475265304", "source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"]}], "published": "2026-04-08T22:16:29.890", "last_modified": "2026-04-13T21:14:34.223", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08871, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5906", "description": "Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/484082189", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:30.490", "last_modified": "2026-04-14T14:51:10.977", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06428, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5911", "description": "Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/485785246", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.010", "last_modified": "2026-04-14T14:44:36.710", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08002, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5918", "description": "Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Low)", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-346", "CWE-352"], "affected_products": [{"vendor": "google", "product": "chrome", "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/490139441", "source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T22:16:31.570", "last_modified": "2026-04-14T14:09:06.027", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02242, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-9484", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], 
"references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/565363", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3303810", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:57.343", "last_modified": "2026-04-14T17:03:59.230", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02407, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1752", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release 
Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588413", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3533545", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:58.077", "last_modified": "2026-04-14T17:02:07.153", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01369, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2104", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*"}], "references": [{"url": 
"https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021", "source": "cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3541476", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:58.393", "last_modified": "2026-04-14T16:57:57.377", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02407, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2619", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}, {"vendor": "gitlab", "product": "gitlab", "cpe": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590430", "source": 
"cve@gitlab.com", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3554982", "source": "cve@gitlab.com", "tags": ["Permissions Required"]}], "published": "2026-04-08T23:16:58.557", "last_modified": "2026-04-14T16:55:10.480", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02407, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5825", "description": "A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. 
The exploit is now public and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/10", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788334", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356272", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356272/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T01:16:49.150", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01207, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5826", "description": "A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. 
The exploit has been published and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/9", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788335", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356273", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356273/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T01:16:50.187", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01207, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3568", "description": "The MStore API plugin for WordPress is vulnerable to  Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/flutter-user.php processing the 'meta_data' JSON parameter without any allowlist, blocklist, or validation of meta keys. The function reads raw JSON from php://input (line 1012), decodes it (line 1013), authenticates the user via cookie validation (line 1015), and then directly iterates over the user-supplied meta_data array passing arbitrary keys and values to update_user_meta() (line 1080) with no sanitization or restrictions. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary user meta fields on their own accounts, including sensitive fields like wp_user_level (to escalate to administrator-level legacy checks), plugin-specific authorization flags (e.g., _wpuf_user_active, aiowps_account_status), and billing/profile fields with unsanitized values (potentially enabling Stored XSS in admin contexts). Note that wp_capabilities cannot be directly exploited this way because it requires a serialized array value, but wp_user_level (a simple integer) and numerous plugin-specific meta keys are exploitable.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/4.18.3/controllers/flutter-user.php#L1012", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/4.18.3/controllers/flutter-user.php#L1078", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/4.18.3/controllers/flutter-user.php#L1080", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L1012", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L1078", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L1080", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3494266%40mstore-api&new=3494266%40mstore-api&sfp_email=&sfph_mail=", "source": "security@wordfence.com", "tags": []}, {"url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/a77bc126-4dbd-4a26-b98c-946341d4282f?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T04:16:59.177", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09232, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3574", "description": "The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight') in all versions up to and including 1.0.4. This is due to insufficient input sanitization (no sanitize callback in register_setting()) and missing output escaping (no esc_attr() in the field_callback() printf output) on user-supplied values. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever a user accesses the settings page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L312", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L361", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L312", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L361", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3491768%40experto-custom-dashboard&new=3491768%40experto-custom-dashboard", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a070f19e-9f65-499d-87c0-65be12d4be84?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-09T04:17:10.990", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09585, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5847", "description": "A vulnerability has been found in code-projects Movie 
Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-284"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Movie%20Ticketing%20System%20PHP%20Exposed%20Database%20Backup.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/790337", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356373", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356373/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T05:16:06.880", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09005, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70811", "description": "Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": 
"https://github.com/ariefibis", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/ariefibis/PHPBB/security/advisories/GHSA-56pv-xg3w-6822", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.linkedin.com/in/mohammed-a-6a2548112/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-09T15:16:09.163", "last_modified": "2026-04-14T17:16:27.190", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04032, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33005", "description": "Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.\n\nAny registered user can query the web service with their credentials and get the files/sub-folders of any folder by ID (metadata only, NOT contents). Metadata includes id, type, name and some other fields. 
The full list of fields can be checked in the FileItemDTO object.\n\nThis issue affects Apache OpenMeetings: from 3.10 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-274"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7", "source": "security@apache.org", "tags": []}, {"url": "https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-09T16:16:26.823", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06812, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35041", "description": "fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the supplied RegExp, a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during verification. 
This vulnerability is fixed in 6.2.1.", "cvss_score": 4.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-1333"], "affected_products": [{"vendor": "nearform", "product": "fast-jwt", "cpe": "cpe:2.3:a:nearform:fast-jwt:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/nearform/fast-jwt/commit/b0be0ca161593836a153d5180ca5358ad9b5de94", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nearform/fast-jwt/pull/595", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/nearform/fast-jwt/releases/tag/v6.2.1", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/nearform/fast-jwt/security/advisories/GHSA-cjw9-ghj4-fwxf", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/nearform/fast-jwt/security/advisories/GHSA-cjw9-ghj4-fwxf", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-09T16:16:27.383", "last_modified": "2026-04-14T20:15:13.637", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08581, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5960", "description": "A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-284"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Patient%20Record%20Management%20System%20PHP%20Exposed%20Database%20Backup.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788397", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356513", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356513/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T16:16:36.230", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09005, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39985", "description": "LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS, which could be used to trick users into visiting arbitrary URLs if they are given a link with a third party redirect parameter. 
This vulnerability is fixed in 27.0.3 and 28.0.1.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://github.com/aces/Loris/commit/f57f54b42a076bf53ba86e20d4dbf37f63538f58", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/aces/Loris/releases/tag/v27.0.3", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/aces/Loris/releases/tag/v28.0.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/aces/Loris/security/advisories/GHSA-rch2-f5fw-cg95", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:02.653", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08356, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35617", "description": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. 
Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources.", "cvss_score": 4.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:29.950", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14539, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35624", "description": "OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. 
Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.", "cvss_score": 4.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-807"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:30.683", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15522, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35642", "description": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. 
Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-288"], "affected_products": [], "references": [{"url": "https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-group-reactions-via-requiremention-bypass", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-09T22:16:33.697", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06814, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1924", "description": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset_options()` function. 
This makes it possible for unauthenticated attackers to reset all plugin settings to their default values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L631", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L632", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Faruba-hispeed-cache/tags/3.0.4&new_path=%2Faruba-hispeed-cache/tags/3.0.5", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2230151-fde2-43d6-8bff-0d2ffd559ab3?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:02.607", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03842, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4057", "description": "The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `makeMediaPublic()` and `makeMediaPrivate()` functions in all versions up to, and including, 3.3.51. 
This is due to the functions only checking for `edit_posts` capability without verifying post ownership via `current_user_can('edit_post', $id)`, and the destructive operations executing before the admin-level check in `mediaAccessControl()`. This makes it possible for authenticated attackers, with Contributor-level access and above, to strip all protection metadata (password, access restrictions, private flag) from any media file they do not own, making admin-protected files publicly accessible via their direct URL.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.51/src/MediaLibrary/MediaAccessControl.php#L237", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.51/src/MediaLibrary/MediaAccessControl.php#L257", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/MediaLibrary/MediaAccessControl.php#L237", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/MediaLibrary/MediaAccessControl.php#L257", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset/3492316/download-manager/trunk/src/MediaLibrary/MediaAccessControl.php", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fdownload-manager/tags/3.3.51&new_path=%2Fdownload-manager/tags/3.3.52", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6b02846-61be-4571-921d-53df5493f856?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.240", "last_modified": 
"2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.0893, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4977", "description": "The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58. This is due to insufficient field-level permission validation in the upload_file_remove() AJAX handler where the $htmlvar parameter is not validated against a whitelist of allowed fields or checked against the field's for_admin_use property. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to clear or reset any restricted usermeta column for their own user record, including fields marked as \"For admin use only\", bypassing intended field-level access restrictions.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.54/includes/class-forms.php#L2251", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.54/includes/class-forms.php#L2274", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.54/includes/class-meta.php#L165", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/class-forms.php#L2251", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/class-forms.php#L2274", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/userswp/trunk/includes/class-meta.php#L165", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fuserswp/tags/1.2.58&new_path=%2Fuserswp/tags/1.2.59", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efee685c-e2cd-471b-aea9-607124df6006?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-10T02:16:03.877", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.0868, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6000", "description": "A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200", "CWE-284"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Library%20Management%20System%20PHP%20Exposed%20Database%20Backup.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/793895", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356554", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356554/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T03:16:04.270", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09005, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-6032", "description": "A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/GeekShuo/None/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/795487", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356608", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356608/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T08:16:26.473", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6034", "description": "A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. 
The exploit has been published and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/TAnNbR/CVE/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796199", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356615", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356615/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T08:16:26.900", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6035", "description": "A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is possible. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/TAnNbR/CVE/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796200", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356616", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356616/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T08:16:27.110", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35596", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/fc216c38afaa51dd56dde7a97343d2148ecf24c1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2578", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-hj5c-mhh2-g7jq", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:03.067", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07339, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35598", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows (or guesses) a task UID can read the full task data from any project on the instance. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/879462d717351fe5d276ddec5246bdec31b41661", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2579", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-48ch-p4gq-x46x", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-48ch-p4gq-x46x", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:03.370", "last_modified": "2026-04-14T15:16:29.640", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07339, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35619", "description": "OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. 
Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the stricter WebSocket RPC authorization checks.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-863"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp", "source": "disclosure@vulncheck.com", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:04.140", "last_modified": "2026-04-13T20:27:19.573", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07746, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35651", "description": "OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. 
Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-150"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.803", "last_modified": "2026-04-13T21:05:33.843", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07965, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35662", "description": "OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. 
Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/7679eb375294941b02214c234aff3948796969d0", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-missing-controlscope-enforcement-in-send-action", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:07.867", "last_modified": "2026-04-13T20:32:22.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07804, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40103", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. 
A token with only projects.background can successfully delete a project background, while a token with only projects.background_delete is rejected. This is a scoped-token authorization bypass. This vulnerability is fixed in 2.3.0.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-836"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/commit/6a0f39b252a81fa4b19dc56dc889183acc9225ae", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/pull/2584", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-v479-vf79-mg83", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:13.143", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07341, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33118", "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-451"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-10T22:16:21.123", "last_modified": "2026-04-14T18:17:34.180", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": 
null, "epss_score": 0.00064, "epss_percentile": 0.1971, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3371", "description": "The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the `save_course_content_order()` private method, which is called unconditionally by the `tutor_update_course_content_order` AJAX handler. While the handler's `content_parent` branch includes a `can_user_manage()` check, the `save_course_content_order()` call processes attacker-supplied `tutor_topics_lessons_sorting` JSON without any ownership or capability verification. This makes it possible for authenticated attackers with Subscriber-level access or above to detach lessons from topics, reorder course content, and reassign lessons between topics in any course, including admin-owned courses, by sending a crafted AJAX request with manipulated topic and lesson IDs.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1687", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1755", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L252", "source": "security@wordfence.com", "tags": []}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ftutor/tags/3.9.7&new_path=%2Ftutor/tags/3.9.8", "source": 
"security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cf0430-8577-449a-aefe-d7bf606fe2de?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-11T02:16:01.963", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07944, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6109", "description": "A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. 
The project was informed of the problem early through an issue report but has not responded yet.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352", "CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/FoundationAgents/MetaGPT/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1932", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/791759", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356969", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356969/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T02:16:00.790", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2019-25708", "description": "Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. 
Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://www.exploit-db.com/exploits/46100", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/heatmiser-wifi-thermostat-cross-site-request-forgery", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-12T13:16:33.793", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02686, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6150", "description": "A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zheng-lv/CVE-/issues/1", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796309", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357030", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357030/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T03:16:02.683", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6159", "description": "A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Simple%20Chatbox%20PHP%20msg%20Parameter.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/796666", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357039", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357039/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T05:16:05.207", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09343, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6231", "description": "The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. 
This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://jira.mongodb.org/browse/CDRIVER-6017", "source": "cna@mongodb.com", "tags": []}], "published": "2026-04-13T16:16:36.570", "last_modified": "2026-04-13T16:16:36.570", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12753, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40041", "description": "Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. 
Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-352"], "affected_products": [], "references": [{"url": "https://www.vulncheck.com/advisories/pachno-cross-site-request-forgery-via-state-changing-endpoints", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5983.php", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-13T19:16:51.787", "last_modified": "2026-04-13T19:16:51.787", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02686, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33534", "description": "EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation (e.g., 0177.0.0.1 instead of 127.0.0.1). 
This is caused by HostCheck::isNotInternalHost() function relying on PHP's filter_var(..., FILTER_VALIDATE_IP), which does not recognize alternative IP formats, causing the validation to fall through to a DNS lookup that returns no records and incorrectly treats the host as safe, however the cURL subsequently normalizes the address and connects to the loopback destination. Through the confirmed /api/v1/Attachment/fromImageUrl endpoint, an authenticated user can force the server to make requests to loopback-only services and store the fetched response as an attachment. This vulnerability is distinct from CVE-2023-46736 (which involved redirect-based SSRF) and may allow access to internal resources reachable from the application runtime. This issue has been fixed in version 9.3.4.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/espocrm/espocrm/releases/tag/9.3.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-h7gx-8gwv-7g73", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-h7gx-8gwv-7g73", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T20:16:33.970", "last_modified": "2026-04-14T17:16:50.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6218", "description": "A vulnerability 
was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785842", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357139", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357139/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T21:16:32.213", "last_modified": "2026-04-13T21:16:32.213", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08611, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24318", "description": "Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim's authenticated context. 
This could allow the attacker to access or modify information within the victim's session scope, impacting confidentiality and integrity, while availability remains unaffected.", "cvss_score": 4.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-539"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3702191", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:04.913", "last_modified": "2026-04-14T00:16:04.913", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00034, "epss_percentile": 0.09772, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27672", "description": "The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. 
This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3703276", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:05.297", "last_modified": "2026-04-14T00:16:05.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27676", "description": "Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. 
This vulnerability results in a low impact on integrity, while confidentiality and availability are not impacted.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3711682", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:05.987", "last_modified": "2026-04-14T00:16:05.987", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00026, "epss_percentile": 0.07258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34225", "description": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL with no restriction on the domain, allowing the local address space to be accessed. Since the SSRF is blind (the response cannot be read), the primary impact is port scanning of the local network, as whether a port is open can be determined based on whether the GET request succeeds or fails. These response differentials can be automated to iterate through the entire port range and identify open ports. If the service running on an open port can be inferred, an attacker may be able to interact with it in a meaningful way, provided the service offers state-changing GET request endpoints. 
This issue was unresolved at the time of publication.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jgx9-jr5x-mvpv", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jgx9-jr5x-mvpv", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T02:16:04.097", "last_modified": "2026-04-14T17:16:50.980", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00025, "epss_percentile": 0.06878, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4479", "description": "The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wholesale-products-dynamic-pricing-management-woocommerce/trunk/class-main.php#L114", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b0382e2-e029-4e19-981c-6dc570e182f0?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T04:17:18.717", "last_modified": "2026-04-14T04:17:18.717", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05809, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33929", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.\n\nThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\n\n\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \navailable. Until then, they should apply the fix provided in GitHub PR \n427.\n\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn't consider the file path separator. 
Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with /home/ABC, e.g. \"/home/ABCDEF\".\n\nUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/apache/pdfbox/pull/427/changes", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs", "source": "security@apache.org", "tags": []}], "published": "2026-04-14T09:16:36.297", "last_modified": "2026-04-14T20:16:47.240", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.04896, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4109", "description": "The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary order data including customer PII (name, email, phone) by iterating order IDs.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3501510/", "source": "security@wordfence.com", "tags": []}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87f82d5d-d89a-440d-8c23-ace5160a0739?source=cve", "source": "security@wordfence.com", "tags": []}], "published": "2026-04-14T09:16:36.460", "last_modified": "2026-04-14T09:16:36.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.06614, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-59809", "description": "A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": 
"https://fortiguard.fortinet.com/psirt/FG-IR-26-103", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:31.103", "last_modified": "2026-04-14T16:16:31.103", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22576", "description": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-257"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:36.937", "last_modified": "2026-04-14T16:16:36.937", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-27906", "description": "Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27906", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:16:56.797", "last_modified": "2026-04-14T18:16:56.797", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32202", "description": "Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-693"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:27.360", "last_modified": "2026-04-14T18:17:27.360", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32220", "description": "Improper access control in Windows Virtualization-Based Security (VBS) Enclave 
allows an authorized attacker to bypass a security feature locally.", "cvss_score": 4.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32220", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:29.873", "last_modified": "2026-04-14T18:17:29.873", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 13.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33829", "description": "Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.", "cvss_score": 4.3, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33829", "source": "secure@microsoft.com", "tags": []}], "published": "2026-04-14T18:17:35.857", "last_modified": "2026-04-14T18:17:35.857", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 13, "ats_level": "INFO", "ats_breakdown": {"severity": 12.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0239", "description": "When using Alt-Svc, ALPN did not properly 
validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-295"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.563", "last_modified": "2026-04-13T15:16:32.543", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08528, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], 
"ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0240", "description": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-416"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}, {"vendor": "mozilla", "product": "thunderbird", "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2025-01-07T16:15:38.663", "last_modified": "2026-04-13T15:16:32.730", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14687, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-1939", "description": "Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.", "cvss_score": 3.9, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-359"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928334", "source": "security@mozilla.org", "tags": ["Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://taptrap.click", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"]}], "published": "2025-03-04T14:15:38.837", "last_modified": "2026-04-13T15:16:53.420", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00131, "epss_percentile": 0.326, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 11.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-10859", "description": "Cookie storage for non-HTML temporary documents was being shared 
incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-359"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684624", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-79/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-09-30T13:15:48.550", "last_modified": "2026-04-13T15:16:37.753", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03485, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27795", "description": "LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. 
In this version, automatic redirects are disabled (`redirect: \"manual\"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "langchain", "product": "langchain_community", "cpe": "cpe:2.3:a:langchain:langchain_community:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/langchain-ai/langchainjs/pull/9990", "source": "security-advisories@github.com", "tags": ["Issue Tracking"]}, {"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7", "source": "security-advisories@github.com", "tags": ["Not Applicable"]}, {"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-02-25T18:23:41.153", "last_modified": "2026-04-13T14:15:35.920", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12479, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31804", "description": "Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme or host. The endpoint is intentionally excluded from all authentication checks in webstart.py, any value of img beginning with http is passed directly to Plex, this causes the Plex Media Server process, which typically runs on the same host or internal network as Tautulli, with access to RFC-1918 address space, to issue an outbound HTTP request to any attacker-specified URL. This issue has been patched in version 2.17.0.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-918"], "affected_products": [{"vendor": "tautulli", "product": "tautulli", "cpe": "cpe:2.3:a:tautulli:tautulli:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0", "source": "security-advisories@github.com", "tags": ["Release Notes"]}, {"url": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-qj2f-4c4p-wv97", "source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"]}], "published": "2026-03-30T20:16:21.517", "last_modified": "2026-04-14T01:43:40.347", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00051, "epss_percentile": 0.15711, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and 
Control"}], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39566", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data. This issue affects DirectoryPress: from n/a through <= 3.6.26.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/directorypress/vulnerability/wordpress-directorypress-plugin-3-6-26-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:27.943", "last_modified": "2026-04-14T18:17:38.297", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39572", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-497"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/bus-ticket-booking-with-seat-reservation/vulnerability/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-6-5-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:28.497", "last_modified": "2026-04-14T18:17:38.687", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.065, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35601", "description": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as ATTACH, VALARM, or ORGANIZER. 
This vulnerability is fixed in 2.3.0.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-93"], "affected_products": [], "references": [{"url": "https://github.com/go-vikunja/vikunja/pull/2580", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2g7h-7rqr-9p4r", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2g7h-7rqr-9p4r", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:03.837", "last_modified": "2026-04-13T16:16:29.227", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07909, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40385", "description": "In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. 
This only affects 32bit systems.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-190"], "affected_products": [{"vendor": "libexif_project", "product": "libexif", "cpe": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58", "source": "cve@mitre.org", "tags": ["Patch"]}], "published": "2026-04-12T19:16:20.480", "last_modified": "2026-04-14T20:15:39.990", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.01922, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40386", "description": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-191"], "affected_products": [{"vendor": "libexif_project", "product": "libexif", "cpe": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b", "source": "cve@mitre.org", "tags": ["Patch"]}], "published": "2026-04-12T19:16:20.640", "last_modified": "2026-04-14T20:43:44.283", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.01922, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", 
"ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40394", "description": "Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a \"workspace overflow\" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-670"], "affected_products": [], "references": [{"url": "https://docs.varnish-software.com/security/VEV00002/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-12T20:16:17.857", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40395", "description": "Varnish Enterprise before 6.0.16r12 allows a \"workspace overflow\" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). 
This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl(<label>)) action. This is for example how the Varnish Controller operates shared VCL deployments. If the amended req contained too many header fields for req0, this would have resulted in a workspace overflow that would in turn trigger a panic and crash the Varnish Enterprise server. This could be used as a Denial of Service attack vector by malicious clients.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://docs.varnish-software.com/security/VEV00003/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-12T20:16:18.893", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40396", "description": "Varnish Cache 9 before 9.0.1 allows a \"workspace overflow\" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. 
In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-670"], "affected_products": [], "references": [{"url": "https://github.com/varnish/varnish/issues/15", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/varnish/varnish/releases/tag/varnish-9.0.1", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-12T20:16:19.057", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.0163, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34860", "description": "Access control vulnerability in the memo module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L", "cvss_severity": "MEDIUM", "cwes": ["CWE-284"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": 
"2026-04-13T04:16:12.650", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00392, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34858", "description": "UAF vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss_severity": "MEDIUM", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T05:16:03.663", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.0022, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33555", "description": "An issue was discovered in HAProxy before 3.3.6. 
The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.", "cvss_score": 4.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-130"], "affected_products": [], "references": [{"url": "https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.haproxy.com/documentation/haproxy-aloha/changelog/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.haproxy.org", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.mail-archive.com/haproxy@formilux.org/msg46752.html", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T17:16:28.237", "last_modified": "2026-04-13T17:16:28.237", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 9e-05, "epss_percentile": 0.00797, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27683", "description": "SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user's browser, potentially exposing restricted information. 
This results in a low impact on confidentiality with no impact on integrity and availability.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3698216", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:06.717", "last_modified": "2026-04-14T00:16:06.717", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08061, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22574", "description": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.", "cvss_score": 4.1, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "MEDIUM", "cwes": ["CWE-257"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:36.760", "last_modified": "2026-04-14T16:16:36.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, 
"epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 12, "ats_level": "INFO", "ats_breakdown": {"severity": 12.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2020-24588", "description": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-327"], "affected_products": [{"vendor": "ieee", "product": "ieee_802.11", "cpe": "cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "mac80211", "cpe": "cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_10", "cpe": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_7", "cpe": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": 
"windows_8.1", "cpe": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_rt_8.1", "cpe": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2008", "cpe": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2008", "cpe": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"}, {"vendor": "microsoft", "product": "windows_server_2012", "cpe": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2012", "cpe": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2016", "cpe": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2016", "cpe": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"}, {"vendor": "microsoft", "product": "windows_server_2019", "cpe": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"}, {"vendor": "debian", "product": "debian_linux", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1748-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1750d_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_w1788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2_firmware:-:*:*:*:*:*:eec_m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w1788-2ia_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w1788-2ia_firmware:-:*:*:*:*:*:m12:*"}, 
{"vendor": "siemens", "product": "scalance_w721-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w721-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w722-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w722-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w734-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w734-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w738-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w738-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w748-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w748-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w748-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w761-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w761-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w774-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w774-1_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w774-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w774-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w778-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w778-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w778-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w778-1_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w786-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w786-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-2_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w786-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w786-2_firmware:-:*:*:*:*:*:sfp:*"}, {"vendor": "siemens", "product": "scalance_w786-2ia_firmware", "cpe": 
"cpe:2.3:o:siemens:scalance_w786-2ia_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-1_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w788-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-1_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:m12:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:m12_eec:*"}, {"vendor": "siemens", "product": "scalance_w788-2_firmware", "cpe": "cpe:2.3:o:siemens:scalance_w788-2_firmware:-:*:*:*:*:*:rj45:*"}, {"vendor": "siemens", "product": "scalance_wam763-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam763-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_firmware:-:*:*:*:*:*:eec:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_6ghz_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wam766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wam766-1_6ghz_firmware:-:*:*:*:*:*:eec:*"}, {"vendor": "siemens", "product": "scalance_wum763-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum763-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wum766-1_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum766-1_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "siemens", "product": "scalance_wum766-1_6ghz_firmware", "cpe": "cpe:2.3:o:siemens:scalance_wum766-1_6ghz_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-100_firmware", "cpe": "cpe:2.3:o:arista:c-100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": 
"c-110_firmware", "cpe": "cpe:2.3:o:arista:c-110_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-120_firmware", "cpe": "cpe:2.3:o:arista:c-120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-130_firmware", "cpe": "cpe:2.3:o:arista:c-130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-200_firmware", "cpe": "cpe:2.3:o:arista:c-200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-230_firmware", "cpe": "cpe:2.3:o:arista:c-230_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-235_firmware", "cpe": "cpe:2.3:o:arista:c-235_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-250_firmware", "cpe": "cpe:2.3:o:arista:c-250_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-260_firmware", "cpe": "cpe:2.3:o:arista:c-260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-65_firmware", "cpe": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "c-75_firmware", "cpe": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-105_firmware", "cpe": "cpe:2.3:o:arista:o-105_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "o-90_firmware", "cpe": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-118_firmware", "cpe": "cpe:2.3:o:arista:w-118_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "arista", "product": "w-68_firmware", "cpe": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100_firmware", "cpe": "cpe:2.3:o:cisco:1100_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-4p_firmware", "cpe": "cpe:2.3:o:cisco:1100-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1100-8p_firmware", "cpe": "cpe:2.3:o:cisco:1100-8p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1101-4p_firmware", "cpe": "cpe:2.3:o:cisco:1101-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-2p_firmware", "cpe": 
"cpe:2.3:o:cisco:1109-2p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "1109-4p_firmware", "cpe": "cpe:2.3:o:cisco:1109-4p_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1532_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1532_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542d_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542d_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1542i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1542i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1800i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1800i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1810_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1810w_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1810w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1815i_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1815i_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1832_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1842_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1842_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_1852_firmware", "cpe": "cpe:2.3:o:cisco:aironet_1852_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_ap803_firmware", "cpe": "cpe:2.3:o:cisco:aironet_ap803_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "aironet_iw3702_firmware", "cpe": "cpe:2.3:o:cisco:aironet_iw3702_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105_firmware:-:*:*:*:*:*:*:*"}, 
{"vendor": "cisco", "product": "catalyst_9105axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9105axw_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9105axw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9115axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9115axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9117axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9117axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9120axp_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9120axp_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axd_firmware", "cpe": 
"cpe:2.3:o:cisco:catalyst_9124axd_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9124axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9124axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130_ap_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130_ap_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130axe_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axe_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "catalyst_9130axi_firmware", "cpe": "cpe:2.3:o:cisco:catalyst_9130axi_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_6861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_6861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8821_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8821_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8832_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8832_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8861_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8861_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ip_phone_8865_firmware", "cpe": "cpe:2.3:o:cisco:ip_phone_8865_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-bk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-bk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829-2lte-ea-ek9_firmware", "cpe": "cpe:2.3:o:cisco:ir829-2lte-ea-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ck9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ck9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-ek9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-ek9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", 
"product": "ir829gw-lte-ga-sk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-sk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-ga-zk9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-ga-zk9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-na-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-na-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "ir829gw-lte-vz-ak9_firmware", "cpe": "cpe:2.3:o:cisco:ir829gw-lte-vz-ak9_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr10_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr10_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_gr60_firmware", "cpe": "cpe:2.3:o:cisco:meraki_gr60_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr12_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr12_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr20_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr20_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr26_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr26_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr30h_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr30h_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr32_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr32_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr33_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr33_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr34_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr34_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr36_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr36_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr42e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr42e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr44_firmware", 
"cpe": "cpe:2.3:o:cisco:meraki_mr44_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr45_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr45_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr46e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr46e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr52_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr52_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr53e_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr53e_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr55_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr56_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr56_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr62_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr62_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr66_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr66_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr70_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr72_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr72_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr74_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr74_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr76_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr76_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr84_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr84_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mr86_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mr86_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", 
"product": "meraki_mx64w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx64w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx65w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx65w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx67w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx67w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68cw_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_mx68w_firmware", "cpe": "cpe:2.3:o:cisco:meraki_mx68w_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "meraki_z3c_firmware", "cpe": "cpe:2.3:o:cisco:meraki_z3c_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_55s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_70s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_board_85s_firmware", "cpe": "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx70_firmware", "cpe": "cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_dx80_firmware", "cpe": "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_55_dual_firmware", "cpe": 
"cpe:2.3:o:cisco:webex_room_55_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_dual_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_dual_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_70_single_g2_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_70_single_g2_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_kit_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "cisco", "product": "webex_room_kit_mini_firmware", "cpe": "cpe:2.3:o:cisco:webex_room_kit_mini_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8260_firmware", "cpe": "cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_8265_firmware", "cpe": "cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9260_firmware", "cpe": "cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "ac_9560_firmware", "cpe": "cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_ac_1550_firmware", "cpe": "cpe:2.3:o:intel:killer_ac_1550_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6_ax1650_firmware", "cpe": "cpe:2.3:o:intel:killer_wi-fi_6_ax1650_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "killer_wi-fi_6e_ax1675_firmware", "cpe": "cpe:2.3:o:intel:killer_wi-fi_6e_ax1675_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_3165_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3165_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", 
"product": "proset_ac_3168_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_3168_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_8265_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_8265_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9260_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9260_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9461_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9461_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9462_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9462_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_ac_9560_firmware", "cpe": "cpe:2.3:o:intel:proset_ac_9560_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6_ax201_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wi-fi_6e_ax210_firmware", "cpe": "cpe:2.3:o:intel:proset_wi-fi_6e_ax210_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "proset_wireless_7265_\\(rev_d\\)_firmware", "cpe": "cpe:2.3:o:intel:proset_wireless_7265_\\(rev_d\\)_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax200_firmware", "cpe": "cpe:2.3:o:intel:wi-fi_6_ax200_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "intel", "product": "wi-fi_6_ax201_firmware", "cpe": "cpe:2.3:o:intel:wi-fi_6_ax201_firmware:-:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": 
"linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}, {"vendor": "linux", "product": "linux_kernel", "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.fragattacks.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": []}], "published": "2021-05-11T20:15:08.613", "last_modified": "2026-04-14T09:16:20.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00311, "epss_percentile": 0.54337, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3470", "description": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.", "cvss_score": 3.8, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "cvss_severity": "LOW", "cwes": ["CWE-20"], "affected_products": [{"vendor": "sonicwall", "product": "email_security", "cpe": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T21:16:33.363", "last_modified": "2026-04-13T15:26:04.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00153, "epss_percentile": 0.35936, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.4, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35537", "description": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. 
Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-502"], "affected_products": [{"vendor": "roundcube", "product": "webmail", "cpe": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"}, {"vendor": "roundcube", "product": "webmail", "cpe": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/roundcube/roundcubemail/commit/618c5428edc69fb088e7ac6c89e506dd39df3", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://github.com/roundcube/roundcubemail/commit/6d586cfa4d8a31f7957f7a445aaedd52592a0e74", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://github.com/roundcube/roundcubemail/commit/a4ead994d2f0ea92e4a1603196a197e0d5df1620", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "source": "cve@mitre.org", "tags": ["Release Notes"]}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "source": "cve@mitre.org", "tags": ["Release Notes"]}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "source": "cve@mitre.org", "tags": ["Release Notes"]}, {"url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/11/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"]}], "published": "2026-04-03T04:17:10.313", "last_modified": "2026-04-13T17:54:32.260", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13272, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, 
"mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35448", "description": "WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitcoin addresses are publicly visible on the blockchain, an attacker can query payment records for any address used on the platform.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-862"], "affected_products": [{"vendor": "wwbn", "product": "avideo", "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-3v7m-qg4x-58h9", "source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-3v7m-qg4x-58h9", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}], "published": "2026-04-06T22:16:23.157", "last_modified": "2026-04-14T19:57:27.693", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.12081, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 
0, "time_factor": 0}}, {"cve_id": "CVE-2026-21388", "description": "Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint, which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com", "tags": []}], "published": "2026-04-09T11:16:20.897", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24661", "description": "Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the /changes webhook endpoint, which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. 
Mattermost Advisory ID: MMSA-2026-00611", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com", "tags": []}], "published": "2026-04-09T11:16:21.047", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11505, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35648", "description": "OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. 
Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-367"], "affected_products": [{"vendor": "openclaw", "product": "openclaw", "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2", "source": "disclosure@vulncheck.com", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564", "source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions", "source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-10T17:17:05.253", "last_modified": "2026-04-13T20:46:20.157", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.0764, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40097", "description": "Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation. 
When processing a device-attest-01 ACME challenge using TPM attestation, Step CA validates that the AK certificate contains the tcg-kp-AIKCertificate Extended Key Usage OID. During this validation, the EKU extension value is decoded from its ASN.1 representation and the first element is checked. A crafted certificate could include an EKU extension that decodes to an empty sequence, causing the code to panic when accessing the first element of the empty slice. This vulnerability is only reachable when a device-attest-01 ACME challenge with TPM attestation is configured. Deployments not using TPM device attestation are not affected. This vulnerability is fixed in 0.30.0-rc3.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-129"], "affected_products": [], "references": [{"url": "https://github.com/smallstep/certificates/commit/ffd31ac0a87e03b0224cb8363094bfe602242888", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/smallstep/certificates/pull/2569", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/smallstep/certificates/releases/tag/v0.30.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/smallstep/certificates/security/advisories/GHSA-9qq8-cgcv-qmc9", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:12.823", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08509, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40184", "description": "TREK is a collaborative travel planner. 
Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mauriceboe/TREK/releases/tag/v2.7.2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-wxx3-84fc-mrx2", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T20:16:23.417", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15394, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40194", "description": "phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\\Net\\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. 
This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-208"], "affected_products": [], "references": [{"url": "https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/1.0.28", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.53", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.51", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T21:16:27.583", "last_modified": "2026-04-13T16:16:32.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.00992, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40745", "description": "A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). 
Affected applications do not properly validate client certificates to connect to the Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man-in-the-middle attacks.", "cvss_score": 3.7, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html", "source": "productcert@siemens.com", "tags": []}], "published": "2026-04-14T09:16:34.683", "last_modified": "2026-04-14T09:16:34.683", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04095, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 11, "ats_level": "INFO", "ats_breakdown": {"severity": 11.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-0245", "description": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. 
This vulnerability was fixed in Firefox 134.", "cvss_score": 3.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": [], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342", "source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-01-07T16:15:39.167", "last_modified": "2026-04-13T15:16:34.837", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 9e-05, "epss_percentile": 0.00902, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 9.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13015", "description": "Spoofing issue in Firefox. 
This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.", "cvss_score": 3.4, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-290"], "affected_products": [{"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"}, {"vendor": "mozilla", "product": "firefox", "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164", "source": "security@mozilla.org", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "source": "security@mozilla.org", "tags": ["Vendor Advisory"]}], "published": "2025-11-11T16:15:38.573", "last_modified": "2026-04-13T15:16:42.470", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08119, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33404", "description": "Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js (Network page) and charts.js/index.js (Dashboard chart tooltips). 
While upstream validation in dnsmasq and FTL blocks HTML characters via normal DHCP/DNS paths, the web UI performs no output escaping — an inconsistency with other fields in the same file that are properly escaped. This vulnerability is fixed in 6.5.", "cvss_score": 3.4, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79"], "affected_products": [{"vendor": "pi-hole", "product": "web_interface", "cpe": "cpe:2.3:a:pi-hole:web_interface:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}], "published": "2026-04-06T15:17:10.473", "last_modified": "2026-04-14T19:16:29.567", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05826, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5806", "description": "A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Easy%20Blog%20Site%20PHP%20postTitle%20Parameter.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787045", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356244", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356244/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T22:16:24.683", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08867, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5810", "description": "A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. 
The exploit has been published and may be used.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Delete-id.md", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/787670", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356246", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356246/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-08T22:16:25.067", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08867, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40077", "description": "Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15 character alphanumeric strings, and are not exposed to all users. However, it is theoretically possible for an authenticated user to enumerate a valid system ID via web API. 
To use the containers endpoints, the user would also need to enumerate a container ID, which is a 12-digit hexadecimal string. This vulnerability is fixed in 0.18.7.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-184"], "affected_products": [], "references": [{"url": "https://github.com/henrygd/beszel/releases/tag/v0.18.7", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/henrygd/beszel/security/advisories/GHSA-5f5r-95pg-xrpm", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:27.230", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14654, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33551", "description": "An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. 
Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://bugs.launchpad.net/keystone/+bug/2142138", "source": "cve@mitre.org", "tags": []}, {"url": "https://security.openstack.org/ossa/OSSA-2026-005.html", "source": "cve@mitre.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/07/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}, {"url": "https://bugs.launchpad.net/keystone/+bug/2142138", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T03:16:02.723", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05422, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6042", "description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. 
To fix this issue, it is recommended to deploy a patch.", "cvss_score": 3.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-404", "CWE-407"], "affected_products": [], "references": [{"url": "https://vuldb.com/submit/796352", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356620", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356620/cti", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/02/10", "source": "cna@vuldb.com", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/03/2", "source": "cna@vuldb.com", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/19", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T09:16:25.450", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02047, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 9.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6106", "description": "A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to version 2.8.0 is able to resolve this issue. The patch is identified as 026a2d623e2aa5efa67c4834651e79d5d7cab1da. It is recommended to upgrade the affected component. 
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/commit/026a2d623e2aa5efa67c4834651e79d5d7cab1da", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/pull/4919", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AnalogyC0de/public_exp/issues/23", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/781810", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356965", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356965/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-11T23:16:05.823", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6107", "description": "A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. 
This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. Upgrading to version 2.8.0 is capable of addressing this issue. Patch name: 026a2d623e2aa5efa67c4834651e79d5d7cab1da. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/commit/026a2d623e2aa5efa67c4834651e79d5d7cab1da", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/pull/4919", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AnalogyC0de/public_exp/issues/24", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/782263", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356966", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356966/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-12T01:16:16.583", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6162", "description": "A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/f1rstb100d/CVE/issues/44", "source": "cna@vuldb.com", "tags": []}, {"url": "https://phpgurukul.com/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797171", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357048", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357048/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T05:16:05.837", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08675, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21012", "description": "External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.", "cvss_score": 3.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": [], 
"affected_products": [{"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": 
"cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": 
"samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.887", "last_modified": "2026-04-13T18:16:23.360", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02307, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 9.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-15632", "description": "A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. 
Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/commit/7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/pull/4578", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.5.0", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/AnalogyC0de/public_exp/issues/28", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/782265", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356967", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356967/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T10:16:10.160", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6192", "description": "A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.", "cvss_score": 3.3, "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-189", "CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/uclouvain/openjpeg/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/uclouvain/openjpeg/issues/1619", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/uclouvain/openjpeg/pull/1628", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797385", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357114", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357114/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T17:16:32.333", "last_modified": "2026-04-13T17:16:32.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02047, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 9.9, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33659", "description": "EspoCRM is an open source customer relationship 
management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses dns_get_record() but the actual HTTP request resolves hostnames through curl's internal resolver (gethostbyname()), allowing the two lookups to return different IP addresses for the same hostname. A secondary issue exists where an empty DNS result (due to DNS failure, IPv6-only domains, or non-existent hostnames) causes the validation to implicitly allow the host without further checks. An authenticated attacker with default attachment creation access can exploit this gap to bypass internal IP restrictions and scan internal network ports, confirm the existence of internal hosts, and interact with internal HTTP-based services, though data extraction from binary protocol services and remote code execution are not possible through this endpoint. This issue has been fixed in version 9.3.4.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-367", "CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/espocrm/espocrm/commit/dca03cc3458e487362c26c746378a2d4de9990b1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/releases/tag/9.3.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-6m4j-fwrx-crh7", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-6m4j-fwrx-crh7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T21:16:24.760", "last_modified": "2026-04-14T15:16:28.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11692, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 10, "ats_level": "INFO", "ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6216", "description": "A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.", "cvss_score": 3.5, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://github.com/dbgate/dbgate/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/785841", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357135", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357135/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T21:16:32.003", "last_modified": "2026-04-13T21:16:32.003", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00031, "epss_percentile": 0.08675, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 10, "ats_level": "INFO", 
"ats_breakdown": {"severity": 10.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-843"], "affected_products": [], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-11731", "source": "secalert@redhat.com", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403688", "source": "secalert@redhat.com", "tags": []}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/151", "source": "secalert@redhat.com", "tags": []}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78", "source": "secalert@redhat.com", "tags": []}], "published": "2025-10-14T06:15:34.483", "last_modified": "2026-04-13T18:16:26.837", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00076, "epss_percentile": 0.22771, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0968", "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. 
This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-476"], "affected_products": [{"vendor": "libssh", "product": "libssh", "cpe": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"}, {"vendor": "redhat", "product": "enterprise_linux", "cpe": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0968", "source": "secalert@redhat.com", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982", "source": "secalert@redhat.com", "tags": ["Third Party Advisory"]}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/", "source": "secalert@redhat.com", "tags": ["Release Notes"]}], "published": "2026-03-26T21:17:01.150", "last_modified": "2026-04-13T20:15:09.527", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11754, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32696", "description": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. 
In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username=\"%u\", password=\"%P\"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-476"], "affected_products": [{"vendor": "emqx", "product": "nanomq", "cpe": "cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/nanomq/NanoNNG/pull/1394", "source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/nanomq/nanomq/releases/tag/0.24.7", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-03-30T21:17:09.603", "last_modified": "2026-04-13T14:07:31.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0514, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0396", "description": "An attacker might be able to inject HTML content into the 
internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-80"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.190", "last_modified": "2026-04-13T12:46:34.270", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 4e-05, "epss_percentile": 0.00154, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0397", "description": "When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. 
The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-942"], "affected_products": [{"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}, {"vendor": "powerdns", "product": "dnsdist", "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html", "source": "security@open-xchange.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T12:16:27.340", "last_modified": "2026-04-14T16:27:53.770", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01237, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40109", "description": "Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations. Exploitation requires the attacker to know the Receiver's webhook URL. The webhook path is generated as /hook/sha256sum(token+name+namespace), where the token is a random string stored in a Kubernetes Secret. There is no API or endpoint that enumerates webhook URLs. 
An attacker cannot discover the path without either having access to the cluster and permissions to read the Receiver's .status.webhookPath in the target namespace, or obtaining the URL through other means (e.g. leaked secrets or access to Pub/Sub config). Upon successful authentication, the controller triggers a reconciliation for all resources listed in the Receiver's .spec.resources. However, the practical impact is limited: Flux reconciliation is idempotent, so if the desired state in the configured sources (Git, OCI, Helm) has not changed, the reconciliation results in a no-op with no effect on cluster state. Additionally, Flux controllers deduplicate reconciliation requests, sending many requests in a short period results in only a single reconciliation being processed. This vulnerability is fixed in 1.8.3.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-287", "CWE-345"], "affected_products": [], "references": [{"url": "https://github.com/fluxcd/notification-controller/pull/1279", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/fluxcd/notification-controller/releases/tag/v1.8.3", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/fluxcd/notification-controller/security/advisories/GHSA-h9cx-xjg6-5v2w", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T21:16:12.277", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01579, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2026-40228", "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "cvss_score": 2.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-669"], "affected_products": [], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/04/08/1", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-10T16:16:33.753", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01851, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 8.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40354", "description": "Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.", "cvss_score": 2.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-61"], "affected_products": [], "references": [{"url": "https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.20.4", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.21.1", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/flatpak/xdg-desktop-portal/security/advisories/GHSA-rqr9-jwwf-wxgj", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/10/14", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-11T01:16:16.270", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02526, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": {"severity": 8.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39419", "description": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged result directly to file descriptor 1 (bypassing stdout redirection). By calling sys.exit(0), the attacker terminates the wrapper before it prints the legitimate output, causing the MaxKB service to parse and trust the spoofed response as the genuine tool result. This issue has been fixed in version 2.8.0.", "cvss_score": 3.1, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-74", "CWE-290", "CWE-693"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/38c4cfecd065293ede0437f6fa76cf0116591d25", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f3c8-p474-xwfv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T02:16:05.143", "last_modified": "2026-04-14T02:16:05.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14278, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 9, "ats_level": "INFO", "ats_breakdown": 
{"severity": 9.3, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26964", "description": "Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6\n and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET /api/w/{workspace}/workspaces/get_settings endpoint returns the slack_oauth_client_secret to any authenticated workspace member, regardless of their admin status. It is expected behavior for non-admin users see a redacted version of workspace settings, as some of them are necessary for the frontend to behave correctly even for non-admins. However, the Slack configuration should not be visible to non-admins. This is a legacy issue where the setting was stored as a plain value instead of using $variable indirection, and it was never added to the redaction logic. This issue has been fixed in version 1.635.0.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-200"], "affected_products": [{"vendor": "windmill", "product": "windmill", "cpe": "cpe:2.3:a:windmill:windmill:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/windmill-labs/windmill/commit/43218c62852490d0efafa8f94385bfe0e8f2ad82", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/windmill-labs/windmill/releases/tag/v1.635.0", "source": "security-advisories@github.com", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/windmill-labs/windmill/security/advisories/GHSA-f27g-j463-q85w", "source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"]}], "published": "2026-02-20T00:16:16.330", "last_modified": "2026-04-14T00:50:19.050", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00059, 
"epss_percentile": 0.18482, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3469", "description": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-20"], "affected_products": [{"vendor": "sonicwall", "product": "email_security", "cpe": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-31T21:16:33.163", "last_modified": "2026-04-13T16:49:49.573", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00153, "epss_percentile": 0.35936, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4292", "description": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdmin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new\r\ninstances to be created via forged `POST` data.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Cantina for reporting 
this issue.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-862"], "affected_products": [{"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}, {"vendor": "djangoproject", "product": "django", "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Release Notes"]}, {"url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Patch", "Vendor Advisory"]}], "published": "2026-04-07T15:17:46.650", "last_modified": "2026-04-13T17:34:48.397", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.01931, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39510", "description": "Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", 
"cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/final-tiles-grid-gallery-lite/vulnerability/wordpress-image-photo-gallery-final-tiles-grid-plugin-3-6-11-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:25.210", "last_modified": "2026-04-13T17:16:30.267", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00032, "epss_percentile": 0.09059, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4916", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "cve@gitlab.com", "tags": []}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/565414", "source": "cve@gitlab.com", "tags": []}, {"url": "https://hackerone.com/reports/3301240", "source": "cve@gitlab.com", "tags": []}], "published": "2026-04-08T23:17:00.053", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01833, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": 
[], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34849", "description": "UAF vulnerability in the screen management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 2.5, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-362"], "affected_products": [{"vendor": "huawei", "product": "harmonyos", "cpe": "cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*"}, {"vendor": "huawei", "product": "harmonyos", "cpe": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T05:16:03.057", "last_modified": "2026-04-14T16:34:28.660", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00326, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 7.5, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36872", "description": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "razormist", "product": "basic_library_system", "cpe": 
"cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-1.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:41.437", "last_modified": "2026-04-14T17:42:25.443", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36873", "description": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "razormist", "product": "basic_library_system", "cpe": "cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:41.553", "last_modified": "2026-04-14T17:42:59.120", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36874", "description": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "razormist", "product": "basic_library_system", "cpe": "cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-3.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:41.673", "last_modified": "2026-04-14T17:43:06.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0535, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36919", "description": "Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "janobe", "product": "online_reviewer_system", "cpe": "cpe:2.3:a:janobe:online_reviewer_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/online-reviewer-system/SQL-2.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:41.783", "last_modified": 
"2026-04-14T11:52:16.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05333, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36920", "description": "Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "janobe", "product": "online_reviewer_system", "cpe": "cpe:2.3:a:janobe:online_reviewer_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/online-reviewer-system/SQL-1.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:41.897", "last_modified": "2026-04-14T11:51:37.507", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05333, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36922", "description": "Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.", "cvss_score": 2.7, "cvss_vector": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "oretnom23", "product": "cab_management_system", "cpe": "cpe:2.3:a:oretnom23:cab_management_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/cab-management-system/SQL-1.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:42.000", "last_modified": "2026-04-14T17:43:16.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36923", "description": "Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "oretnom23", "product": "cab_management_system", "cpe": "cpe:2.3:a:oretnom23:cab_management_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/cab-management-system/SQL-2.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T13:16:42.107", "last_modified": "2026-04-14T17:43:23.620", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": 
[{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36946", "description": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "oretnom23", "product": "computer_and_mobile_repair_shop_management_system", "cpe": "cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T14:16:13.883", "last_modified": "2026-04-14T17:43:45.070", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0535, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36947", "description": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [{"vendor": "oretnom23", "product": 
"computer_and_mobile_repair_shop_management_system", "cpe": "cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-5.md", "source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"]}], "published": "2026-04-13T14:16:14.007", "last_modified": "2026-04-14T17:43:58.490", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36941", "description": "Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-resort-management-system/SQL-5.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:34.170", "last_modified": "2026-04-13T21:16:28.060", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36942", "description": "Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-resort-management-system/SQL-4.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:34.290", "last_modified": "2026-04-13T21:16:28.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.0535, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36943", "description": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-2.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:34.410", "last_modified": "2026-04-13T21:16:28.377", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", 
"tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36944", "description": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:34.537", "last_modified": "2026-04-13T21:16:28.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36945", "description": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-3.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T15:17:34.660", "last_modified": "2026-04-13T21:16:28.690", "days_since_publish": 999, "source": "nvd", "in_kev": false, 
"kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36937", "description": "Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-resort-management-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T16:16:29.927", "last_modified": "2026-04-13T21:16:27.743", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36938", "description": "Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-resort-management-system/SQL-3.md", "source": "cve@mitre.org", 
"tags": []}], "published": "2026-04-13T16:16:30.033", "last_modified": "2026-04-13T21:16:27.897", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05688, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36950", "description": "Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-thesis-archiving-system/SQL-2.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T17:16:29.110", "last_modified": "2026-04-14T16:16:40.210", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-36952", "description": "Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], 
"affected_products": [], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-thesis-archiving-system/SQL-5.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T17:16:29.230", "last_modified": "2026-04-14T16:16:40.380", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02372, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37589", "description": "SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-3.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:32.677", "last_modified": "2026-04-14T16:16:40.577", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37590", "description": "SourceCodester Storage Unit Rental Management System v1.0 is vulnerable 
to SQL Injection in the file /storage/admin/rents/manage_rent.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:32.800", "last_modified": "2026-04-14T16:16:40.747", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37591", "description": "Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-2.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:32.920", "last_modified": "2026-04-14T16:16:40.917", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37592", "description": "Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-4.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.037", "last_modified": "2026-04-14T16:16:41.130", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37593", "description": "SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employees-work-home-attendance-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.153", "last_modified": "2026-04-14T16:16:41.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": 
[{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37594", "description": "SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employees-work-home-attendance-system/SQL-2.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.273", "last_modified": "2026-04-14T16:16:41.550", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37595", "description": "SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employees-work-home-attendance-system/SQL-4.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.393", "last_modified": "2026-04-14T16:16:41.733", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37596", "description": "SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employees-work-home-attendance-system/SQL-3.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.513", "last_modified": "2026-04-14T16:16:41.900", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37597", "description": "SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": 
"https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employees-work-home-attendance-system/SQL-5.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.637", "last_modified": "2026-04-14T16:16:42.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37598", "description": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/RCE-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.750", "last_modified": "2026-04-14T16:16:42.237", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37600", "description": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file 
/scheduler/admin/appointments/view_details.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-1.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.863", "last_modified": "2026-04-14T16:16:42.400", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37601", "description": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-2.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:33.987", "last_modified": "2026-04-14T16:16:42.573", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-37602", "description": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-3.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:34.110", "last_modified": "2026-04-14T16:16:42.770", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27316", "description": "A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.", "cvss_score": 2.7, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-522"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-113", "source": "psirt@fortinet.com", "tags": []}], "published": "2026-04-14T16:16:37.863", "last_modified": "2026-04-14T16:16:37.863", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 8, "ats_level": "INFO", "ats_breakdown": {"severity": 8.1, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-40571", "description": "A vulnerability has been identified in Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions < V3.3.1), Mendix OIDC SSO V4.2 (Mendix 10 compatible) (All versions < V4.2.1), Mendix OIDC SSO V4.3 (Mendix 10 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development.", "cvss_score": 2.2, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-266"], "affected_products": [], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-726617.html", "source": "productcert@siemens.com", "tags": []}], "published": "2025-05-13T10:15:26.373", "last_modified": "2026-04-14T09:16:34.517", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00145, "epss_percentile": 0.34896, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 6.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5834", "description": "A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. 
The exploit is now public and may be used.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/5", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788339", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356290", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356290/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T04:17:20.980", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0845, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5835", "description": "A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argument product_name can lead to cross site scripting. It is possible to launch the attack remotely. 
The exploit has been published and may be used.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/4", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788340", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356291", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356291/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T04:17:23.160", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0845, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5836", "description": "A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument product_name leads to cross site scripting. The attack can be initiated remotely. 
The exploit has been disclosed to the public and may be used.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/lonelyuan/vunls/issues/3", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/788341", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356292", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356292/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-09T04:17:23.400", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0845, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6003", "description": "A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. 
The exploit has been disclosed publicly and may be used.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/zulu225588/zulu-loudong/issues/2", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/794332", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356559", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/356559/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-10T03:16:04.497", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0845, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34851", "description": "Race condition vulnerability in the event notification module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 2.2, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:11.513", "last_modified": "2026-04-13T15:01:43.663", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00319, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 6.6, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21006", "description": "Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": [], "affected_products": [{"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": 
"android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*"}, {"vendor": "samsung", "product": "android", "cpe": "cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*"}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-13T06:16:05.003", "last_modified": "2026-04-13T18:38:14.630", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05337, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6184", "description": "A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. 
The exploit has been made available to the public and could be used for attacks.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-79", "CWE-94"], "affected_products": [], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com", "tags": []}, {"url": "https://github.com/Xmyronn/simple-cms-stored-xss-news-title", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/submit/797265", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357107", "source": "cna@vuldb.com", "tags": []}, {"url": "https://vuldb.com/vuln/357107/cti", "source": "cna@vuldb.com", "tags": []}], "published": "2026-04-13T16:16:35.257", "last_modified": "2026-04-13T16:16:35.257", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.0845, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}, {"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21741", "description": "A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.", "cvss_score": 2.4, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-118", "source": "psirt@fortinet.com", "tags": []}], 
"published": "2026-04-14T16:16:35.777", "last_modified": "2026-04-14T16:16:35.777", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 7, "ats_level": "INFO", "ats_breakdown": {"severity": 7.2, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27949", "description": "Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting personally identifiable information (PII) via GET request query strings is classified as an insecure design practice. The affected code path is located in the authentication utility module (packages/utils/src/auth.ts). 
This vulnerability is fixed in 1.3.0.", "cvss_score": 2.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "cvss_severity": "LOW", "cwes": ["CWE-200", "CWE-598"], "affected_products": [{"vendor": "plane", "product": "plane", "cpe": "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/makeplane/plane/security/advisories/GHSA-8rvg-7w43-p2w2", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-04-07T21:17:15.400", "last_modified": "2026-04-14T18:44:46.493", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09525, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 6, "ats_level": "INFO", "ats_breakdown": {"severity": 6.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34850", "description": "Race condition vulnerability in the notification service.\nImpact: Successful exploitation of this vulnerability may affect availability.", "cvss_score": 1.9, "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "cvss_severity": "LOW", "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/", "source": "psirt@huawei.com", "tags": []}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T04:16:07.767", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 5e-05, "epss_percentile": 0.00262, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege 
Escalation", "tactic": "Privilege Escalation"}], "ats_score": 6, "ats_level": "INFO", "ats_breakdown": {"severity": 5.7, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-27675", "description": "SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.", "cvss_score": 2.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "cvss_severity": "LOW", "cwes": ["CWE-94"], "affected_products": [], "references": [{"url": "https://me.sap.com/notes/3723097", "source": "cna@sap.com", "tags": []}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com", "tags": []}], "published": "2026-04-14T00:16:05.823", "last_modified": "2026-04-14T00:16:05.823", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07801, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 6, "ats_level": "INFO", "ats_breakdown": {"severity": 6.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39987", "description": "marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. 
Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/marimo-team/marimo/pull/9098", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:02.807", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.02704, "epss_percentile": 0.85894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 1, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.7, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32236", "description": "Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation after HTTP redirects. The practical impact is limited. 
The attacker cannot read the response body from the internal request, cannot control request headers or method, and the feature must be explicitly enabled via an experimental flag that is off by default. Deployments that restrict allowedClientIdPatterns to specific trusted domains are not affected. Patched in @backstage/plugin-auth-backend version 0.27.1.", "cvss_score": 0.0, "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "cvss_severity": "NONE", "cwes": ["CWE-918"], "affected_products": [{"vendor": "linuxfoundation", "product": "backstage", "cpe": "cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*"}], "references": [{"url": "https://github.com/backstage/backstage/commit/17038abf2dfdb4abc08a59b1c95af39851de0e07", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/backstage/backstage/security/advisories/GHSA-qp4c-xg64-7c6x", "source": "security-advisories@github.com", "tags": ["Vendor Advisory"]}], "published": "2026-03-12T19:16:18.867", "last_modified": "2026-04-13T14:23:13.453", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00048, "epss_percentile": 0.14604, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23333", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [], "published": "2026-03-25T11:16:30.780", "last_modified": "2026-04-13T14:16:09.077", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1612", "description": "AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 and 8.0.22.0524 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-798"], "affected_products": [], "references": [{"url": "https://cert.pl/en/posts/2026/03/CVE-2026-1612", "source": "cvd@cert.pl", "tags": []}], "published": "2026-03-30T11:16:04.557", "last_modified": "2026-04-13T08:16:22.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00054, "epss_percentile": 0.16769, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078.001", "name": "Default Accounts", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23471", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [], "published": "2026-04-03T16:16:34.773", "last_modified": 
"2026-04-13T14:16:09.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35578", "description": "Rejected reason: This CVE is a duplicate of another CVE.** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2026-39940.  Reason: This candidate is a reservation duplicate of CVE-2026-39940.  Notes: All CVE users should reference CVE-2026-39940 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [], "published": "2026-04-07T17:16:33.133", "last_modified": "2026-04-13T17:16:28.780", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39602", "description": "Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": 
"https://patchstack.com/database/Wordpress/Plugin/order-tracking/vulnerability/wordpress-order-tracking-plugin-3-4-3-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:29.340", "last_modified": "2026-04-13T20:16:36.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39689", "description": "Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/eshipper-commerce/vulnerability/wordpress-eshipper-commerce-plugin-2-16-12-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": []}], "published": "2026-04-08T09:16:40.937", "last_modified": "2026-04-13T20:16:41.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05956, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, 
"time_factor": 0}}, {"cve_id": "CVE-2026-5883", "description": "Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": []}, {"url": "https://issues.chromium.org/issues/482958590", "source": "chrome-cve-admin@google.com", "tags": []}], "published": "2026-04-08T22:16:27.940", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15219, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5890", "description": "Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "source": "chrome-cve-admin@google.com", "tags": []}, {"url": "https://issues.chromium.org/issues/487259772", "source": "chrome-cve-admin@google.com", "tags": []}], "published": "2026-04-08T22:16:28.873", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11386, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3199", "description": "A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "tags": []}, {"url": "https://support.sonatype.com/hc/en-us/articles/50615414548499", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "tags": []}], "published": "2026-04-08T23:16:59.160", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00081, "epss_percentile": 0.23907, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3438", "description": "A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "tags": []}, {"url": "https://support.sonatype.com/hc/en-us/articles/50609137161363", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "tags": []}], "published": "2026-04-08T23:16:59.410", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00303, "epss_percentile": 0.53575, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34184", "description": "Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. 
Critically, the attacker could run PHP scripts directly on the connected database. This issue was fixed in Hydrosystem Control System version 9.8.5", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://cert.pl/posts/2026/04/CVE-2026-4901/", "source": "cvd@cert.pl", "tags": []}, {"url": "https://www.hydrosystem.poznan.pl/", "source": "cvd@cert.pl", "tags": []}], "published": "2026-04-09T10:16:22.110", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34185", "description": "Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. 
Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database. This issue was fixed in Hydrosystem Control System version 9.8.5", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://cert.pl/posts/2026/04/CVE-2026-4901/", "source": "cvd@cert.pl", "tags": []}, {"url": "https://www.hydrosystem.poznan.pl/", "source": "cvd@cert.pl", "tags": []}], "published": "2026-04-09T10:16:22.260", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08432, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4901", "description": "Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. 
Combined with vulnerability CVE-2026-34184, this sensitive information could be accessed by an unauthorized user. This issue was fixed in Hydrosystem Control System version 9.8.5", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://cert.pl/posts/2026/04/CVE-2026-4901/", "source": "cvd@cert.pl", "tags": []}, {"url": "https://www.hydrosystem.poznan.pl/", "source": "cvd@cert.pl", "tags": []}], "published": "2026-04-09T10:16:22.543", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11461, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4112", "description": "Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "source": "PSIRT@sonicwall.com", "tags": []}], "published": "2026-04-09T15:16:13.517", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00055, "epss_percentile": 0.17052, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": 
"Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4114", "description": "Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-176"], "affected_products": [], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "source": "PSIRT@sonicwall.com", "tags": []}], "published": "2026-04-09T15:16:13.817", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.09447, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-14551", "description": "In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. 
Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1258"], "affected_products": [], "references": [{"url": "https://github.com/canonical/subiquity/pull/2357", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/subiquity/pull/2358", "source": "security@ubuntu.com", "tags": []}], "published": "2026-04-09T16:16:23.890", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-15480", "description": "In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. 
Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1258"], "affected_products": [], "references": [{"url": "https://github.com/canonical/ubuntu-desktop-provision/pull/1399", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/canonical/ubuntu-desktop-provision/pull/1400", "source": "security@ubuntu.com", "tags": []}], "published": "2026-04-09T16:16:25.250", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35204", "description": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators ie. \"/../\". 
This vulnerability is fixed in 4.1.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/releases/tag/v4.1.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T16:16:27.550", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02104, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35205", "description": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. 
This vulnerability is fixed in 4.1.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-636"], "affected_products": [], "references": [{"url": "https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/releases/tag/v4.1.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7", "source": "security-advisories@github.com", "tags": []}, {"url": "https://helm.sh/docs/topics/provenance/#the-provenance-file", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T16:16:27.720", "last_modified": "2026-04-13T15:02:47.353", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02442, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39957", "description": "Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter applied by the when() block. Any authenticated non-admin user with upload permission who owns at least one album can retrieve all user-group-based sharing permissions across the entire instance, including private albums owned by other users. 
This vulnerability is fixed in 7.5.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/LycheeOrg/Lychee/commit/76a3f0513eca6458bf7f8c337c1ad65e59b22bcb", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/LycheeOrg/Lychee/pull/4264", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-4v4c-g2jv-4g25", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.110", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08375, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39962", "description": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. 
This vulnerability is fixed in 2.5.36.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-90"], "affected_products": [], "references": [{"url": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MISP/MISP/releases/tag/v2.5.36", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.600", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00135, "epss_percentile": 0.33193, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39972", "description": "Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic selector and topic with an underscore separator. Because both topic selectors and topics can contain underscores, two distinct pairs can produce the same key. An attacker who can subscribe to the hub or publish updates with crafted topic names can exploit this to bypass authorization checks on private updates. 
This vulnerability is fixed in 0.22.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1289"], "affected_products": [], "references": [{"url": "https://github.com/dunglas/mercure/commit/4964a69be904fd61e35b5f1e691271663b6fdd64", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/dunglas/mercure/security/advisories/GHSA-hwr4-mq23-wcv5", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T17:16:30.770", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00084, "epss_percentile": 0.2443, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40072", "description": "web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload[\"urls\"]. The implementation uses these contract-supplied URLs directly (after {sender} / {data} template substitution) without any destination validation. CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), meaning any application using web3.py's .call() method is exposed without explicit opt-in. This results in Server-Side Request Forgery (SSRF) when web3.py is used in backend services, indexers, APIs, or any environment that performs eth_call / .call() against untrusted or user-supplied contract addresses. A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. 
This vulnerability is fixed in 7.15.0 and 8.0.0b2.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/ethereum/web3.py/commit/b1c57bb0a124359c9902daaefab4d8af7c3c4c1e", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ethereum/web3.py/security/advisories/GHSA-5hr4-253g-cpx2", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T18:17:03.510", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-28205", "description": "OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1188"], "affected_products": [], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10", "source": "ics-cert@hq.dhs.gov", "tags": []}], "published": "2026-04-09T19:16:23.370", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22038, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 
0, "time_factor": 0}}, {"cve_id": "CVE-2026-34941", "description": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte length, which is twice the size of the code units. This vulnerability can cause the host to read beyond the end of a WebAssembly's linear memory in an attempt to transcode nonexistent bytes. In Wasmtime's default configuration this will read unmapped memory on a guard page, terminating the process with a segfault. Wasmtime can be configured, however, without guard pages which would mean that host memory beyond the end of linear memory may be read and interpreted as UTF-16. A host segfault is a denial-of-service vulnerability in Wasmtime, and possibly being able to read beyond the end of linear memory is additionally a vulnerability. Note that reading beyond the end of linear memory requires nonstandard configuration of Wasmtime, specifically with guard pages disabled. 
This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:23.693", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34942", "description": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic is possible to trigger from malicious guests which transfer very specific strings across components with specific addresses. Host panics are considered a DoS vector in Wasmtime as the panic conditions are controlled by the guest in this situation. 
This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-129"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:23.857", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34943", "description": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime's implementation of lifting into Val, not when using the flags! macro. This additionally only affects flags-typed values which are part of a WIT interface. This has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector. 
This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-248"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:24.020", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01518, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34944", "description": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in an uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests. 
This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-248"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:24.187", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.0031, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34945", "description": "Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive data related to other host-originating operations which is not intended to be disclosed to guests. This bug specifically arose from a mistake where the return value of table.size was statically typed as a 32-bit integer, as opposed to consulting the table's index type to see how large the returned register could be. When combined with details about Winch's ABI, such as multi-value returns, this can be combined to read stack data from the host, within a guest. 
This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-681"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:24.330", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34946", "description": "Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability in Wasmtime due to guests being able to trigger a panic. The specific issue is that a historical refactoring changed how compiled code referenced tables within the table.* instructions. This refactoring forgot to update the Winch code paths associated as well, meaning that Winch was using the wrong indexing scheme. Due to the feature support of Winch the only problem that can result is tables being mixed up or nonexistent tables being used, meaning that the guest is limited to panicking the host (using a nonexistent table), or executing spec-incorrect behavior and modifying the wrong table. 
This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-670"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:24.490", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34983", "description": "Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following steps must occur to trigger the bug: clone a wasmtime::Linker, drop the original linker instance, and use the new, cloned linker instance, resulting in a use-after-free. 
This vulnerability is fixed in 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hfr4-7c6c-48w2", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hfr4-7c6c-48w2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T19:16:24.850", "last_modified": "2026-04-13T16:16:28.560", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04018, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34987", "description": "Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler (-Ccompiler=winch). By default, Wasmtime uses its Cranelift backend, not Winch. With Winch, the same incorrect assumption is present in theory on both aarch64 and x86-64. The aarch64 case has an observed-working proof of concept, while the x86-64 case is theoretical and may not be reachable in practice. This Winch compiler bug can allow the Wasm guest to access memory before or after the linear-memory region, independently of whether pre- or post-guard regions are configured. 
The accessible range in the initial bug proof-of-concept is up to 32KiB before the start of memory, or ~4GiB after the start of memory, independently of the size of pre- or post-guard regions or the use of explicit or guard-region-based bounds checking. However, the underlying bug assumes a 32-bit memory offset stored in a 64-bit register has its upper bits cleared when it may not, and so closely related variants of the initial proof-of-concept may be able to access truly arbitrary memory in-process. This could result in a host process segmentation fault (DoS), an arbitrary data leak from the host process, or with a write, potentially an arbitrary RCE. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-125", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:25.000", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34988", "description": "Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. 
The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determine if resetting was necessary, where the compilation process used a different predicate. This divergence meant that the pooling allocator incorrectly deduced at runtime that resetting virtual memory permissions was not necessary while the compile-time logic determined that virtual memory could be relied upon. The pooling allocator must be in use, Config::memory_guard_size configuration option must be 0, Config::memory_reservation configuration must be less than 4GiB, and pooling allocator must be configured with max_memory_size the same as the memory_reservation value in order to exploit this vulnerability. If all of these conditions are applicable then when a linear memory is reused the VM permissions of the previous iteration are not reset. This means that the compiled code, which is assuming out-of-bounds loads will segfault, will not actually segfault and can read the previous contents of linear memory if it was previously mapped. This represents a data leakage vulnerability between guest WebAssembly instances which breaks WebAssembly's semantics and additionally breaks the sandbox that Wasmtime provides. Wasmtime is not vulnerable to this issue with its default settings, nor with the default settings of the pooling allocator, but embeddings are still allowed to configure these values to cause this vulnerability. 
This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-119"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:25.160", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01216, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35195", "description": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This enables a guest to cause the host to write arbitrary transcoded string bytes to an arbitrary location up to 4GiB away from the base of linear memory. These writes on the host could hit unmapped memory or could corrupt host data structures depending on Wasmtime's configuration. Wasmtime by default reserves 4GiB of virtual memory for a guest's linear memory meaning that this bug will by default on hosts cause the host to hit unmapped memory and abort the process due to an unhandled fault. 
Wasmtime can be configured, however, to reserve less memory for a guest and to remove all guard pages, so some configurations of Wasmtime may lead to corruption of data outside of a guest's linear memory, such as host data structures or other guests' linear memories. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-394w-hwhg-8vgm", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T19:16:25.500", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0253, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35556", "description": "OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-256"], "affected_products": [], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10", "source": "ics-cert@hq.dhs.gov", "tags": []}], "published": "2026-04-09T19:16:25.663", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 
0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35063", "description": "OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-862"], "affected_products": [], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10", "source": "ics-cert@hq.dhs.gov", "tags": []}], "published": "2026-04-09T20:16:25.833", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39977", "description": "flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path() and validated to stay inside the source directory using two checks - g_file_get_relative_path() which does not resolve symlinks and g_file_query_file_type() with G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS which only applies to the final path component. The copy operation runs on host. 
This can be exploited by using a crafted manifest and/or source to read arbitrary files from the host and capture them into the build output. This vulnerability is fixed in 1.4.8.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/flatpak/flatpak-builder/security/advisories/GHSA-6gm9-3g7m-3965", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T20:16:26.660", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00046, "epss_percentile": 0.14083, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5187", "description": "Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. 
Second, multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32), causing the function to accept crafted OIDs with 33 or more arcs that write past the end of the allocated buffer.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-122", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T20:16:28.233", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5194", "description": "Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. 
This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10131", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T20:16:28.420", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00035, "epss_percentile": 0.10244, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-35206", "description": "Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar  [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; or as given by the --destination and --untardir flags), rather than the expected output directory suffixed by the chart's name. 
This vulnerability is fixed in 3.20.2 and 4.1.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/releases/tag/v4.1.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T21:16:09.993", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02104, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40107", "description": "SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: \"loose\" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL. On Windows, a protocol-relative URL (//attacker.com/image.png) resolves as a UNC path (\\\\attacker.com\\image.png). Windows attempts SMB authentication automatically, sending the victim's NTLMv2 hash to the attacker. 
This vulnerability is fixed in 3.6.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w95v-4h65-j455", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-09T21:16:12.123", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15212, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5446", "description": "In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. This happens because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). 
AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-323"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10111", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T21:16:12.980", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5447", "description": "Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10112", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T21:16:13.150", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.0931, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40111", "description": "PraisonAIAgents is 
a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell metacharacters are interpreted by /bin/sh before the intended command executes. Two independent attack surfaces exist. The first is via pre_run_command and post_run_command hook event types registered through the hooks configuration. The second and more severe surface is the .praisonai/hooks.json lifecycle configuration, where hooks registered for events such as BEFORE_TOOL and AFTER_TOOL fire automatically during agent operation. An agent that gains file-write access through prompt injection can overwrite .praisonai/hooks.json and have its payload execute silently at every subsequent lifecycle event without further user interaction. This vulnerability is fixed in 1.5.128.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-v7px-3835-7gjx", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-v7px-3835-7gjx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-09T22:16:34.560", "last_modified": "2026-04-13T16:16:31.623", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5263", 
"description": "URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10048", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T22:16:36.647", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05412, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5264", "description": "Heap buffer overflow in DTLS 1.3 ACK message processing. 
A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/wolfssl/wolfssl/pull/10076", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T22:16:36.790", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00183, "epss_percentile": 0.40064, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5772", "description": "A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active.  
If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-126"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10119", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T22:16:36.937", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5778", "description": "Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. 
An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-191"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10125", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T22:16:37.097", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0006, "epss_percentile": 0.18676, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5295", "description": "A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing an OID longer than 32 bytes triggers a stack buffer overflow. 
Exploitation requires the library to be built with --enable-pkcs7 (disabled by default) and the application to have registered an ORI decrypt callback via wc_PKCS7_SetOriDecryptCb().", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-121"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10116", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T23:17:01.093", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03706, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5503", "description": "In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. 
The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T23:17:01.257", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5504", "description": "A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. 
In previous versions of wolfSSL the interior padding bytes are not validated.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-354"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10088", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T23:17:01.400", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00019, "epss_percentile": 0.0495, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5507", "description": "When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. 
Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-502"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10088", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-09T23:17:01.543", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00016, "epss_percentile": 0.03636, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5392", "description": "Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. 
The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/wolfssl/wolfssl/pull/10039", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T00:16:35.603", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.02478, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5393", "description": "Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. 
This can only occur when --enable-experimental and --enable-dual-alg-certs are used when building wolfSSL.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10079", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T00:16:35.750", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00033, "epss_percentile": 0.0931, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5448", "description": "X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. 
This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10071", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T00:16:35.890", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.02783, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5460", "description": "A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. 
The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-416"], "affected_products": [], "references": [{"url": "https://github.com/wolfssl/wolfssl/pull/10092", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T00:16:36.033", "last_modified": "2026-04-13T15:02:27.760", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5188", "description": "An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. 
The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-191"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10024", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T04:17:15.700", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00028, "epss_percentile": 0.07727, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5466", "description": "wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. 
A crafted forged signature could verify against any message for any identity, using only publicly-known constants.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-347"], "affected_products": [], "references": [{"url": "https://github.com/wolfssl/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T04:17:16.420", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01426, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5479", "description": "In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. 
When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-354"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T04:17:16.930", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 7e-05, "epss_percentile": 0.00506, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5500", "description": "wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. 
A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T04:17:17.080", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00133, "epss_percentile": 0.32808, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5501", "description": "wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. 
The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T04:17:17.230", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.0604, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": "Credential Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4482", "description": "The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). 
For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-732"], "affected_products": [], "references": [{"url": "https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes", "source": "cve@rapid7.com", "tags": []}], "published": "2026-04-10T05:16:04.587", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, "epss_percentile": 0.00649, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5477", "description": "An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. 
The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-190"], "affected_products": [], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102", "source": "facts@wolfssl.com", "tags": []}], "published": "2026-04-10T06:16:05.243", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33455", "description": "Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-140"], "affected_products": [], "references": [{"url": "https://checkmk.com/werk/17988", "source": "security@checkmk.com", "tags": []}], "published": "2026-04-10T09:16:23.447", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33456", "description": "Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows 
an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-140"], "affected_products": [], "references": [{"url": "https://checkmk.com/werk/17989", "source": "security@checkmk.com", "tags": []}], "published": "2026-04-10T09:16:24.493", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11461, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33457", "description": "Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-140"], "affected_products": [], "references": [{"url": "https://checkmk.com/werk/17990", "source": "security@checkmk.com", "tags": []}], "published": "2026-04-10T09:16:24.630", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12568, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31412", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: 
gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()\n\nThe `check_command_size_in_blocks()` function calculates the data size\nin bytes by left shifting `common->data_size_from_cmnd` by the block\nsize (`common->curlun->blkbits`). However, it does not validate whether\nthis shift operation will cause an integer overflow.\n\nInitially, the block size is set up in `fsg_lun_open()` , and the\n`common->data_size_from_cmnd` is set up in `do_scsi_command()`. During\ninitialization, there is no integer overflow check for the interaction\nbetween two variables.\n\nSo if a malicious USB host sends a SCSI READ or WRITE command\nrequesting a large amount of data (`common->data_size_from_cmnd`), the\nleft shift operation can wrap around. This results in a truncated data\nsize, which can bypass boundary checks and potentially lead to memory\ncorruption or out-of-bounds accesses.\n\nFix this by using the check_shl_overflow() macro to safely perform the\nshift and catch any overflows.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/228b37936376143f4b60cc6828663f6eaceb81b5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/3428dc5520c811e66622b2f5fa43341bf9a1f8b3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/387ebb0453b99d71491419a5dc4ab4bee0cacbac", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/8479891d1f04a8ce55366fe4ca361ccdb96f02e1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/91817ad5452defe69bc7bc0e355f0ed5d01125cc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/ce0caaed5940162780c5c223b8ae54968a5f059b", "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-10T11:16:22.967", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01121, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5777", "description": "This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0179", "source": "vdisclose@cert-in.org.in", "tags": []}], "published": "2026-04-10T12:16:04.480", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00012, "epss_percentile": 0.01534, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5774", "description": "Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause 
a denial of service on the server or possibly reuse a single-use discharge token.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-362"], "affected_products": [], "references": [{"url": "https://github.com/juju/juju/pull/22205", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/juju/juju/pull/22206", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78", "source": "security@ubuntu.com", "tags": []}, {"url": "https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T13:16:46.070", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.01398, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34477", "description": "The fix for  CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161  was incomplete: it addressed hostname verification only when enabled via the  log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName  system property, but not when configured through the  verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName  attribute of the <Ssl> element.\n\nAlthough the verifyHostName configuration attribute was introduced in Log4j Core 2.12.0, it was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception 
regardless of the configured value.\n\nA network-based attacker may be able to perform a man-in-the-middle attack when all of the following conditions are met:\n\n  *  An SMTP, Socket, or Syslog appender is in use.\n  *  TLS is configured via a nested <Ssl> element.\n  *  The attacker can present a certificate issued by a CA trusted by the appender's configured trust store, or by the default Java trust store if none is configured.\nThis issue does not affect users of the HTTP appender, which uses a separate  verifyHostname https://logging.apache.org/log4j/2.x/manual/appenders/network.html#HttpAppender-attr-verifyHostName  attribute that was not subject to this bug and verifies host names by default.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-297"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4j2/pull/4075", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-34477", "source": "security@apache.org", "tags": []}], "published": "2026-04-10T16:16:30.843", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00108, "epss_percentile": 0.29071, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34478", "description": "Apache Log4j Core's  Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n  *  The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n  *  The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\n\nUsers of the SyslogAppender are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-117", "CWE-684"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4j2/pull/4074", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-34478", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:31.070", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": 
false, "kev_data": null, "epss_score": 0.00145, "epss_percentile": 0.34861, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34479", "description": "The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records.\n\nTwo groups of users are affected:\n\n  *  Those using Log4j1XmlLayout directly in a Log4j Core 2 configuration file.\n  *  Those using the Log4j 1 configuration compatibility layer with org.apache.log4j.xml.XMLLayout specified as the layout class.\n\n\nUsers are advised to upgrade to Apache Log4j 1-to-Log4j 2 bridge version 2.25.4, which corrects this issue.\n\nNote: The Apache Log4j 1-to-Log4j 2 bridge is deprecated and will not be present in Log4j 3. 
Users are encouraged to consult the  Log4j 1 to Log4j 2 migration guide https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html , and specifically the section on eliminating reliance on the bridge.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4j2/pull/4078", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-34479", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/8", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:31.270", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30807, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34480", "description": "Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the  XML 1.0 specification https://www.w3.org/TR/xml/#charsets  producing invalid XML output whenever a log message or MDC value contains such characters.\n\nThe impact depends on the StAX implementation in use:\n\n  *  JRE built-in StAX: Forbidden 
characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records.\n  *  Alternative StAX implementations (e.g.,  Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger.\n\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4j2/pull/4077", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-34480", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/9", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:31.463", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30807, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, 
{"cve_id": "CVE-2026-34481", "description": "Apache Log4j's  JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.\n\nAn attacker can exploit this issue only if both of the following conditions are met:\n\n  *  The application uses JsonTemplateLayout.\n  *  The application logs a MapMessage containing an attacker-controlled floating-point value.\n\n\nUsers are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4j2/pull/4080", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4j/2.x/manual/json-template-layout.html", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-34481", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:31.663", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30807, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": 
{"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40021", "description": "Apache Log4net's  XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list  and  XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the  XML 1.0 specification https://www.w3.org/TR/xml/#charsets  in MDC property keys and values, as well as the identity field that may carry attacker-influenced data. This causes an exception during serialization and the silent loss of the affected log event.\n\nAn attacker who can influence any of these fields can exploit this to suppress individual log records, impairing audit trails and detection of malicious activity.\n\nUsers are advised to upgrade to Apache Log4net 3.3.0, which fixes this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4net/pull/280", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/q8otftjswhk69n3kxslqg7cobr0x4st7", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4net/manual/configuration/layouts.html", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-40021", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/11", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:32.420", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30807, 
"social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40023", "description": "Apache Log4cxx's  XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the  XML 1.0 specification https://www.w3.org/TR/xml/#charsets  in log messages, NDC, and MDC property keys and values, producing invalid XML output. Conforming XML parsers must reject such documents with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records.\n\nAn attacker who can influence logged data can exploit this to suppress individual log records, impairing audit trails and detection of malicious activity.\n\nUsers are advised to upgrade to Apache Log4cxx 1.7.0, which fixes this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://github.com/apache/logging-log4cxx/pull/609", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/y15cv3zblg3dfwr5vy6ddbnl4zyrzr8b", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/cyclonedx/vdr.xml", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html", "source": "security@apache.org", "tags": []}, {"url": "https://logging.apache.org/security.html#CVE-2026-40023", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/10/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T16:16:32.600", "last_modified": "2026-04-13T15:02:06.187", 
"days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00119, "epss_percentile": 0.30807, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40073", "description": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-770"], "affected_products": [], "references": [{"url": "https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:12.357", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11969, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40074", "description": 
"SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-755"], "affected_products": [], "references": [{"url": "https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T17:17:12.513", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11969, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40157", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim's filesystem when they run praisonai recipe unpack. 
This vulnerability is fixed in 4.5.128.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-99g3-w8gr-x37c", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-99g3-w8gr-x37c", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:13.457", "last_modified": "2026-04-14T15:16:37.833", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00072, "epss_percentile": 0.21931, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40160", "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints (169.254.169.254), internal services, and localhost. The response content is returned to the agent and may appear in output visible to the attacker. This fallback is the default crawl path on a fresh PraisonAI installation (no Tavily key, no Crawl4AI installed). 
This vulnerability is fixed in 1.5.128.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qq9r-63f6-v542", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qq9r-63f6-v542", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T17:17:13.950", "last_modified": "2026-04-13T16:16:32.277", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00041, "epss_percentile": 0.12288, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-66447", "description": "Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. 
This vulnerability is fixed in 2.0-beta.2.", "cvss_score": 0.0, "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "cvss_severity": "NONE", "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T18:16:40.630", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08323, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-1502", "description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/issues/146211", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/pull/146212", "source": "cna@python.org", "tags": []}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/", "source": "cna@python.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/11/4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-10T18:16:40.970", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", 
"in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12467, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33698", "description": "Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-552"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/d3355d7873c7e5b907c5fa84cbd5d9b62ed33e51", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-557g-2w66-gpmf", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.033", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00053, "epss_percentile": 0.16447, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33703", "description": "Chamilo LMS is a learning management system. 
Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId parameter. This results in mass disclosure of sensitive user information and credentials, enabling a full platform data breach. This vulnerability is fixed in 2.0.0-RC.3.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-27x6-c5c7-gpf5", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T19:16:23.327", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-3446", "description": "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. 
Use \"validate=True\" to enable stricter processing of base64 data.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-345"], "affected_products": [], "references": [{"url": "https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/issues/145264", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/pull/145267", "source": "cna@python.org", "tags": []}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/", "source": "cna@python.org", "tags": []}], "published": "2026-04-10T19:16:26.220", "last_modified": "2026-04-13T17:16:30.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00023, "epss_percentile": 0.06011, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39921", "description": "GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. 
Attackers can supply URLs pointing to internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services to cause the server to make requests to internal resources without SSRF mitigations such as private IP filtering or redirect validation.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/GeoNode/geonode/releases/tag/4.4.5", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/GeoNode/geonode/releases/tag/5.0.2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/geonode-ssrf-via-document-upload", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-10T20:16:22.083", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08375, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39922", "description": "GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. 
Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-918"], "affected_products": [], "references": [{"url": "https://github.com/GeoNode/geonode/releases/tag/4.4.5", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://github.com/GeoNode/geonode/releases/tag/5.0.2", "source": "disclosure@vulncheck.com", "tags": []}, {"url": "https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration", "source": "disclosure@vulncheck.com", "tags": []}], "published": "2026-04-10T20:16:22.270", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00036, "epss_percentile": 0.10664, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1090", "name": "Proxy", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40177", "description": "ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. 
Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication. This vulnerability is fixed in 0.112.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-287"], "affected_products": [], "references": [{"url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T20:16:22.970", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22038, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40178", "description": "ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of a user to bypass its authentication. 
This vulnerability is fixed in 0.112.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-287", "CWE-362"], "affected_products": [], "references": [{"url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-8647-755q-fw9p", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T20:16:23.117", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00073, "epss_percentile": 0.22038, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078", "name": "Valid Accounts", "tactic": "Initial Access"}, {"id": "T1068", "name": "Exploitation for Privilege Escalation", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40180", "description": "Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip() method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is constructed as new File(toOutputDir, entry.getName()) and the content is written immediately. A malicious ZIP archive containing entries with path traversal sequences (e.g., ../../malicious.java) would write files outside the target directory. 
This vulnerability is fixed in 2.16.0 and 2.15.0-lts.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://github.com/quarkiverse/quarkus-openapi-generator/commit/08b406414ff30ed192e86c7fa924e57565534ff0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/quarkiverse/quarkus-openapi-generator/commit/e2a9c629a3df719abc74569a3795c265fd0e1239", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/quarkiverse/quarkus-openapi-generator/security/advisories/GHSA-jx2w-vp7f-456q", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/quarkiverse/quarkus-openapi-generator/security/advisories/GHSA-jx2w-vp7f-456q", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-10T20:16:23.260", "last_modified": "2026-04-13T21:16:30.337", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13258, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40191", "description": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165,  ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. 
This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-863"], "affected_products": [], "references": [{"url": "https://github.com/craigjbass/clearancekit/releases/tag/v5.0.4-1f46165", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-92f3-38m7-579h", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T21:16:27.440", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02107, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40252", "description": "FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify that the requested application belongs to the authenticated team. This leads to cross-tenant data exposure and unauthorized execution of private AI workflows. 
This vulnerability is fixed in 4.14.10.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-284", "CWE-639"], "affected_products": [], "references": [{"url": "https://github.com/labring/FastGPT/releases/tag/v4.14.10.4", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-gc8m-w37w-24hw", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-10T21:16:27.907", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00057, "epss_percentile": 0.17791, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5724", "description": "The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests without credentials. This endpoint is registered on the same port as WorkflowService and cannot be disabled independently. An attacker with network access to the frontend port could open the replication stream without authentication. 
Data exfiltration is possible, but  only when a configured replication target is correctly configured and the attacker has knowledge of the cluster configuration, as the history service validates cluster IDs and peer membership before returning replication data.\n\n\n\n\nTemporal Cloud is not affected.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/temporalio/temporal/releases/tag/v1.28.4", "source": "security@temporal.io", "tags": []}, {"url": "https://github.com/temporalio/temporal/releases/tag/v1.29.6", "source": "security@temporal.io", "tags": []}, {"url": "https://github.com/temporalio/temporal/releases/tag/v1.30.4", "source": "security@temporal.io", "tags": []}], "published": "2026-04-10T21:16:28.497", "last_modified": "2026-04-13T15:02:06.187", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.001, "epss_percentile": 0.27649, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32146", "description": "Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download.\n\nDependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement to the intended dependency directory, allowing attacker-controlled paths (via relative traversal such as ../ or absolute paths) to target filesystem locations outside that directory. When resolving git dependencies (e.g. 
via gleam deps download), the computed path is used for filesystem operations including directory deletion and creation.\n\nThis vulnerability occurs during the dependency resolution and download phase, which is generally expected to be limited to fetching and preparing dependencies within a confined directory. A malicious direct or transitive git dependency can exploit this issue to delete and overwrite arbitrary directories outside the intended dependency directory, including attacker-chosen absolute paths, potentially causing data loss. In some environments, this may be further leveraged to achieve code execution, for example by overwriting git hooks or shell configuration files.\n\nThis issue affects Gleam from 1.9.0-rc1 until 1.15.4.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://cna.erlef.org/cves/CVE-2026-32146.html", "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "tags": []}, {"url": "https://github.com/gleam-lang/gleam/commit/1aa5d8e594b0aa240bb213fce6ee19c65e6d5bcf", "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "tags": []}, {"url": "https://github.com/gleam-lang/gleam/commit/2dc0467f822c75de94697a912755d172928ee40a", "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "tags": []}, {"url": "https://github.com/gleam-lang/gleam/security/advisories/GHSA-vq5j-55vx-wq8j", "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "tags": []}, {"url": "https://osv.dev/vulnerability/EEF-CVE-2026-32146", "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "tags": []}], "published": "2026-04-11T14:16:03.640", "last_modified": "2026-04-14T10:16:30.200", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00015, "epss_percentile": 0.03088, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], 
"ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31413", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR\n\nmaybe_fork_scalars() is called for both BPF_AND and BPF_OR when the\nsource operand is a constant.  When dst has signed range [-1, 0], it\nforks the verifier state: the pushed path gets dst = 0, the current\npath gets dst = -1.\n\nFor BPF_AND this is correct: 0 & K == 0.\nFor BPF_OR this is wrong:    0 | K == K, not 0.\n\nThe pushed path therefore tracks dst as 0 when the runtime value is K,\nproducing an exploitable verifier/runtime divergence that allows\nout-of-bounds map access.\n\nFix this by passing env->insn_idx (instead of env->insn_idx + 1) to\npush_stack(), so the pushed path re-executes the ALU instruction with\ndst = 0 and naturally computes the correct result for any opcode.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/342aa1ee995ef5bbf876096dc3a5e51218d76fa4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/58bd87d0e69204dbd739e4387a1edb0c4b1644e7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/c845894ebd6fb43226b3118d6b017942550910c5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/d13281ae7ea8902b21d99d10a2c8caf0bdec0455", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-12T06:16:20.050", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 8e-05, "epss_percentile": 0.00648, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6179", "description": "Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows an attacker to trigger and run malicious script in a user's browser", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://bug.report.night-wolf.io/changelogs", "source": "5ac195ad-69e7-48e7-9c1e-bfc958c39761", "tags": []}], "published": "2026-04-13T03:16:03.297", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14223, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21003", "description": "Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": []}], "published": "2026-04-13T05:16:02.230", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13271, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": 
null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21009", "description": "Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": []}], "published": "2026-04-13T06:16:05.483", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05829, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21013", "description": "Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": []}], "published": "2026-04-13T06:16:06.010", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00014, "epss_percentile": 0.0248, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-21014", "description": "Improper access control in Samsung Camera prior to version 16.5.00.28 allows a local attacker to access location data. User interaction is required for triggering this vulnerability.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04", "source": "mobile.security@samsung.com", "tags": []}], "published": "2026-04-13T06:16:06.140", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02107, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34865", "description": "Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-122"], "affected_products": [], "references": [{"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/", "source": "psirt@huawei.com", "tags": []}], "published": "2026-04-13T07:16:49.977", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05266, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0232", "description": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-15"], "affected_products": [], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0232", "source": "psirt@paloaltonetworks.com", "tags": []}], "published": "2026-04-13T08:16:20.900", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00013, "epss_percentile": 0.02124, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0233", "description": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM  privileges.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-295"], "affected_products": [], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0233", "source": "psirt@paloaltonetworks.com", "tags": []}], "published": "2026-04-13T08:16:22.150", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0001, "epss_percentile": 0.01123, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1557", "name": "Adversary-in-the-Middle", "tactic": 
"Credential Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0234", "description": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-347"], "affected_products": [], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0234", "source": "psirt@paloaltonetworks.com", "tags": []}], "published": "2026-04-13T08:16:22.367", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00027, "epss_percentile": 0.07353, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4810", "description": "A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.\n\nThis vulnerability was patched in versions 1.28.1 and 2.0.0a2.\n\n\nCustomers need to redeploy the upgraded ADK to their production environments. 
In addition, if they are running ADK Web locally, they also need to upgrade their local instance.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-306"], "affected_products": [], "references": [{"url": "https://github.com/google/adk-python/blob/main/CHANGELOG.md#1274-2026-03-26", "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "tags": []}], "published": "2026-04-13T09:16:08.883", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00295, "epss_percentile": 0.52835, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2728", "description": "LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. 
Exploitation could result in XSS attacks being performed against other users with access to the page.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630", "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "tags": []}], "published": "2026-04-13T11:16:05.407", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 2e-05, "epss_percentile": 0.00041, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6204", "description": "LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. 
Exploitation could result in compromise of the underlying web server.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh", "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "tags": []}, {"url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc", "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "tags": []}], "published": "2026-04-13T11:16:06.243", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 6e-05, "epss_percentile": 0.00303, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31414", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: use expect->helper\n\nUse expect->helper in ctnetlink and /proc to dump the helper name.\nUsing nfct_help() without holding a reference to the master conntrack\nis unsafe.\n\nUse exp->master->helper in ctnetlink path if userspace does not provide\nan explicit helper when creating an expectation to retain the existing\nbehaviour. 
The ctnetlink expectation path holds the reference on the\nmaster conntrack and nf_conntrack_expect lock and the nfnetlink glue\npath refers to the master ct that is attached to the skb.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/3dfd3f7712b5a800f2ba632179e9b738076a51f0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/4bd1b3d839172724b33d8d02c5a4ff6a1c775417", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/b53294bff19e56ada2f230ceb8b1ffde61cc3817", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/e7ccaa0a62a8ff2be5d521299ce79390c318d306", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f01794106042ee27e54af6fdf5b319a2fe3df94d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:10.537", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31415", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid overflows in ip6_datagram_send_ctl()\n\nYiming Qian reported :\n<quote>\n I believe I found a locally triggerable kernel bug in the IPv6 sendmsg\n ancillary-data path that can panic the 
kernel via `skb_under_panic()`\n (local DoS).\n\n The core issue is a mismatch between:\n\n - a 16-bit length accumulator (`struct ipv6_txoptions::opt_flen`, type\n `__u16`) and\n - a pointer to the *last* provided destination-options header (`opt->dst1opt`)\n\n when multiple `IPV6_DSTOPTS` control messages (cmsgs) are provided.\n\n - `include/net/ipv6.h`:\n   - `struct ipv6_txoptions::opt_flen` is `__u16` (wrap possible).\n (lines 291-307, especially 298)\n - `net/ipv6/datagram.c:ip6_datagram_send_ctl()`:\n   - Accepts repeated `IPV6_DSTOPTS` and accumulates into `opt_flen`\n without rejecting duplicates. (lines 909-933)\n - `net/ipv6/ip6_output.c:__ip6_append_data()`:\n   - Uses `opt->opt_flen + opt->opt_nflen` to compute header\n sizes/headroom decisions. (lines 1448-1466, especially 1463-1465)\n - `net/ipv6/ip6_output.c:__ip6_make_skb()`:\n   - Calls `ipv6_push_frag_opts()` if `opt->opt_flen` is non-zero.\n (lines 1930-1934)\n - `net/ipv6/exthdrs.c:ipv6_push_frag_opts()` / `ipv6_push_exthdr()`:\n   - Push size comes from `ipv6_optlen(opt->dst1opt)` (based on the\n pointed-to header). (lines 1179-1185 and 1206-1211)\n\n 1. `opt_flen` is a 16-bit accumulator:\n\n - `include/net/ipv6.h:298` defines `__u16 opt_flen; /* after fragment hdr */`.\n\n 2. `ip6_datagram_send_ctl()` accepts *repeated* `IPV6_DSTOPTS` cmsgs\n and increments `opt_flen` each time:\n\n - In `net/ipv6/datagram.c:909-933`, for `IPV6_DSTOPTS`:\n   - It computes `len = ((hdr->hdrlen + 1) << 3);`\n   - It checks `CAP_NET_RAW` using `ns_capable(net->user_ns,\n CAP_NET_RAW)`. 
(line 922)\n   - Then it does:\n     - `opt->opt_flen += len;` (line 927)\n     - `opt->dst1opt = hdr;` (line 928)\n\n There is no duplicate rejection here (unlike the legacy\n `IPV6_2292DSTOPTS` path which rejects duplicates at\n `net/ipv6/datagram.c:901-904`).\n\n If enough large `IPV6_DSTOPTS` cmsgs are provided, `opt_flen` wraps\n while `dst1opt` still points to a large (2048-byte)\n destination-options header.\n\n In the attached PoC (`poc.c`):\n\n - 32 cmsgs with `hdrlen=255` => `len = (255+1)*8 = 2048`\n - 1 cmsg with `hdrlen=0` => `len = 8`\n - Total increment: `32*2048 + 8 = 65544`, so `(__u16)opt_flen == 8`\n - The last cmsg is 2048 bytes, so `dst1opt` points to a 2048-byte header.\n\n 3. The transmit path sizes headers using the wrapped `opt_flen`:\n\n- In `net/ipv6/ip6_output.c:1463-1465`:\n  - `headersize = sizeof(struct ipv6hdr) + (opt ? opt->opt_flen +\n opt->opt_nflen : 0) + ...;`\n\n With wrapped `opt_flen`, `headersize`/headroom decisions underestimate\n what will be pushed later.\n\n 4. 
When building the final skb, the actual push length comes from\n `dst1opt` and is not limited by wrapped `opt_flen`:\n\n - In `net/ipv6/ip6_output.c:1930-1934`:\n   - `if (opt->opt_flen) proto = ipv6_push_frag_opts(skb, opt, proto);`\n - In `net/ipv6/exthdrs.c:1206-1211`, `ipv6_push_frag_opts()` pushes\n `dst1opt` via `ipv6_push_exthdr()`.\n - In `net/ipv6/exthdrs.c:1179-1184`, `ipv6_push_exthdr()` does:\n   - `skb_push(skb, ipv6_optlen(opt));`\n   - `memcpy(h, opt, ipv6_optlen(opt));`\n\n With insufficient headroom, `skb_push()` underflows and triggers\n `skb_under_panic()` -> `BUG()`:\n\n - `net/core/skbuff.c:2669-2675` (`skb_push()` calls `skb_under_panic()`)\n - `net/core/skbuff.c:207-214` (`skb_panic()` ends in `BUG()`)\n\n - The `IPV6_DSTOPTS` cmsg path requires `CAP_NET_RAW` in the target\n netns user namespace (`ns_capable(net->user_ns, CAP_NET_RAW)`).\n - Root (or any task with `CAP_NET_RAW`) can trigger this without user\n namespaces.\n - An unprivileged `uid=1000` user can trigger this if unprivileged\n user namespaces are enabled and it can create a userns+netns to obtain\n namespaced `CAP_NET_RAW` (the attached PoC does this).\n\n - Local denial of service: kernel BUG/panic (system crash).\n -\n---truncated---", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/0bdaf54d3aaddfe8df29371260fa8d4939b4fd6f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/4e453375561fc60820e6b9d8ebeb6b3ee177d42e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/5e4ee5dbea134e9257f205e31a96040bed71e83f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/63fda74885555e6bd1623b5d811feec998740ba4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url":
"https://git.kernel.org/stable/c/872b74900d5daa37067ac676d9001bb929fc6a2a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/9ed81d692758dfb9471d7799b24bfa7a08224c31", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:10.707", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08473, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31416", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: account for netlink header size\n\nThis is a followup to an old bug fix: NLMSG_DONE needs to account\nfor the netlink header size, not just the attribute size.\n\nThis can result in a WARN splat + drop of the netlink message,\nbut other than this there are no ill effects.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6d52a4a0520a6696bdde51caa11f2d6821cd0c01", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520", "source":
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f08ffa3e1c8e36b6131f69c5eb23700c28cbd262", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:10.907", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31417", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix overflow when accumulating packets\n\nAdd a check to ensure that `x25_sock.fraglen` does not overflow.\n\nThe `fraglen` also needs to be reset when purging `fragment_queue` in\n`x25_clear_queues()`.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/1734bd85c5e0a7a801295b729efb56b009cb8fc3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/4e2d1bcef78d21247fe8fef13bc7ed95885df2b5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6e568835ea54a3e1d08e310e34f95d434e739477", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/8c92969c197b91c134be27dc3afb64ab468853a9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a1822cb524e89b4cd2cf0b82e484a2335496a6d9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f953f11ccf4afe6feb635c08145f4240d9a6b544", "source":
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.097", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31418", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: drop logically empty buckets in mtype_del\n\nmtype_del() counts empty slots below n->pos in k, but it only drops the\nbucket when both n->pos and k are zero. This misses buckets whose live\nentries have all been removed while n->pos still points past deleted slots.\n\nTreat a bucket as empty when all positions below n->pos are unused and\nrelease it directly instead of shrinking it further.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6cea34d7ec6829b62f521a37a287f670144a2233", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/9862ef9ab0a116c6dca98842aab7de13a252ae02", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/b7eef00f08b92b0b9efe8ae0df6d0005e6199323", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": 
"https://git.kernel.org/stable/c/ceacaa76f221a6577aba945bb8873c2e640aeba4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.267", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31419", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast() reuses the original skb for the last slave\n(determined by bond_is_last_slave()) and clones it for others.\nConcurrent slave enslave/release can mutate the slave list during\nRCU-protected iteration, changing which slave is \"last\" mid-loop.\nThis causes the original skb to be double-consumed (double-freed).\n\nReplace the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 == slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before the loop.  
This preserves the\nzero-copy optimization for the last slave while making the \"last\"\ndetermination stable against concurrent list mutations.\n\nThe UAF can trigger the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40 by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:123)\n print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n </TASK>\n\nAllocated by task 147:\n\nFreed by task 147:\n\nThe buggy address belongs to the object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy 
address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                                                    ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f5b94654a4a19891a8108d66ef166de6c028c6cd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.447", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03894, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31420", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mrp: reject zero test interval to avoid OOM panic\n\nbr_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied\ninterval value from netlink without validation. When interval is 0,\nusecs_to_jiffies(0) yields 0, causing the delayed work\n(br_mrp_test_work_expired / br_mrp_in_test_work_expired) to reschedule\nitself with zero delay. 
This creates a tight loop on system_percpu_wq\nthat allocates and transmits MRP test frames at maximum rate, exhausting\nall system memory and causing a kernel panic via OOM deadlock.\n\nThe same zero-interval issue applies to br_mrp_start_in_test_parse()\nfor interconnect test frames.\n\nUse NLA_POLICY_MIN(NLA_U32, 1) in the nla_policy tables for both\nIFLA_BRIDGE_MRP_START_TEST_INTERVAL and\nIFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL, so zero is rejected at the\nnetlink attribute parsing layer before the value ever reaches the\nworkqueue scheduling code. This is consistent with how other bridge\nsubsystems (br_fdb, br_mst) enforce range constraints on netlink\nattributes.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/c9bc352f716d1bebfe43354bce539ec2d0223b30", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/fa6e24963342de4370e3a3c9af41e38277b74cf3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.617", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00021, "epss_percentile": 0.05646, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31421", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q->handle.  
Shared blocks leave block->q NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()'s\nold-method path needs block->q which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n  tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n  tc_run (net/core/dev.c:4401)\n  __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/3cb055df9e8625ce699a259d8178d67b37f2b160", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/3d41f9a314afa94b1c7c7c75405920123220e8cd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/5cf41031922c154aa5ccda8bcdb0f5e6226582ec", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/96426c348def662b06bfdc65be3002905604927a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/faeea8bbf6e958bf3c00cb08263109661975987c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.740", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, 
"has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31422", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q->handle to derive\na default baseclass.  Shared blocks leave block->q NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block->q and return -EINVAL\nfor shared blocks.  This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n [...]\n=======================================================================", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/1a280dd4bd1d616a01d6ffe0de284c907b555504", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/415ea0c973c754b9f375225807810eb9045f4293", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/4a09f72007201c9f667dc47f64517ec23eea65e5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a208c3e1232997e9317887294c20008dfcb75449", "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/cc707a4fd4c3b6ab2722e06bc359aa010e13d408", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:11.907", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31423", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value.  For large inputs\n(e.g. m1=4000000000), the result can reach 2^32.  rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor.  
When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n  Oops: divide error: 0000\n  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n  Call Trace:\n   init_ed (net/sched/sch_hfsc.c:629)\n   hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n   [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is preserved.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.070", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31424", "description": "In the Linux kernel, the following 
vulnerability has been resolved:\n\nnetfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP\n\nWeiming Shi says:\n\nxt_match and xt_target structs registered with NFPROTO_UNSPEC can be\nloaded by any protocol family through nft_compat. When such a\nmatch/target sets .hooks to restrict which hooks it may run on, the\nbitmask uses NF_INET_* constants. This is only correct for families\nwhose hook layout matches NF_INET_*: IPv4, IPv6, INET, and bridge\nall share the same five hooks (PRE_ROUTING ... POST_ROUTING).\n\nARP only has three hooks (IN=0, OUT=1, FORWARD=2) with different\nsemantics. Because NF_ARP_OUT == 1 == NF_INET_LOCAL_IN, the .hooks\nvalidation silently passes for the wrong reasons, allowing matches to\nrun on ARP chains where the hook assumptions (e.g. state->in being\nset on input hooks) do not hold. This leads to NULL pointer\ndereferences; xt_devgroup is one concrete example:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000044: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000220-0x0000000000000227]\n RIP: 0010:devgroup_mt+0xff/0x350\n Call Trace:\n  <TASK>\n  nft_match_eval (net/netfilter/nft_compat.c:407)\n  nft_do_chain (net/netfilter/nf_tables_core.c:285)\n  nft_do_chain_arp (net/netfilter/nft_chain_filter.c:61)\n  nf_hook_slow (net/netfilter/core.c:623)\n  arp_xmit (net/ipv4/arp.c:666)\n  </TASK>\n Kernel panic - not syncing: Fatal exception in interrupt\n\nFix it by restricting arptables to NFPROTO_ARP extensions only.\nNote that arptables-legacy only supports:\n\n- arpt_CLASSIFY\n- arpt_mangle\n- arpt_MARK\n\nthat provide explicit NFPROTO_ARP match/target declarations.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/1cd6313c8644bfebbd813a05da9daa21b09dd68c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": 
"https://git.kernel.org/stable/c/3d5d488f11776738deab9da336038add95d342d1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/3e79374b03bf9a2f282f0eb1d0ac3776f7e0f28a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/dc3e27dd7d76e21106b8f9bbdc31f5da74a89014", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/e7e1b6bcb389c8708003d40613a59ff2496f6b1f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f00ac65c90ea475719e08d629e2e26c8b4e6999b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.240", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31425", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: ib: reject FRMR registration before IB connection is established\n\nrds_ib_get_mr() extracts the rds_ib_connection from conn->c_transport_data\nand passes it to rds_ib_reg_frmr() for FRWR memory registration. On a\nfresh outgoing connection, ic is allocated in rds_ib_conn_alloc() with\ni_cm_id = NULL because the connection worker has not yet called\nrds_ib_conn_path_connect() to create the rdma_cm_id. 
When sendmsg() with\nRDS_CMSG_RDMA_MAP is called on such a connection, the sendmsg path parses\nthe control message before any connection establishment, allowing\nrds_ib_post_reg_frmr() to dereference ic->i_cm_id->qp and crash the\nkernel.\n\nThe existing guard in rds_ib_reg_frmr() only checks for !ic (added in\ncommit 9e630bcb7701), which does not catch this case since ic is allocated\nearly and is always non-NULL once the connection object exists.\n\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:rds_ib_post_reg_frmr+0x50e/0x920\n Call Trace:\n  rds_ib_post_reg_frmr (net/rds/ib_frmr.c:167)\n  rds_ib_map_frmr (net/rds/ib_frmr.c:252)\n  rds_ib_reg_frmr (net/rds/ib_frmr.c:430)\n  rds_ib_get_mr (net/rds/ib_rdma.c:615)\n  __rds_rdma_map (net/rds/rdma.c:295)\n  rds_cmsg_rdma_map (net/rds/rdma.c:860)\n  rds_sendmsg (net/rds/send.c:1363)\n  ____sys_sendmsg\n  do_syscall_64\n\nAdd a check in rds_ib_get_mr() that verifies ic, i_cm_id, and qp are all\nnon-NULL before proceeding with FRMR registration, mirroring the guard\nalready present in rds_ib_post_inv(). 
Return -ENODEV when the connection\nis not ready, which the existing error handling in rds_cmsg_send() converts\nto -EAGAIN for userspace retry and triggers rds_conn_connect_if_down() to\nstart the connection worker.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/23e07c340c445f0ebff7757ba15434cb447eb662", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/450ec93c0f172374acbf236f1f5f02d53650aa2d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/47de5b73db3b88f45c107393f26aeba26e9e8fae", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6b0a8de67ac0c74e1a7df92b73c862cb36780dfc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a54ecccfae62c5c85259ae5ea5d9c20009519049", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a5bfd14c9a299e6db4add4440430ee5e010b03ad", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.420", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31426", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: EC: clean up handlers on probe failure in acpi_ec_setup()\n\nWhen ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware\nplatforms, it has already started 
the EC and installed the address\nspace handler with the struct acpi_ec pointer as handler context.\nHowever, acpi_ec_setup() propagates the error without any cleanup.\n\nThe caller acpi_ec_add() then frees the struct acpi_ec for non-boot\ninstances, leaving a dangling handler context in ACPICA.\n\nAny subsequent AML evaluation that accesses an EC OpRegion field\ndispatches into acpi_ec_space_handler() with the freed pointer,\ncausing a use-after-free:\n\n BUG: KASAN: slab-use-after-free in mutex_lock (kernel/locking/mutex.c:289)\n Write of size 8 at addr ffff88800721de38 by task init/1\n Call Trace:\n  <TASK>\n  mutex_lock (kernel/locking/mutex.c:289)\n  acpi_ec_space_handler (drivers/acpi/ec.c:1362)\n  acpi_ev_address_space_dispatch (drivers/acpi/acpica/evregion.c:293)\n  acpi_ex_access_region (drivers/acpi/acpica/exfldio.c:246)\n  acpi_ex_field_datum_io (drivers/acpi/acpica/exfldio.c:509)\n  acpi_ex_extract_from_field (drivers/acpi/acpica/exfldio.c:700)\n  acpi_ex_read_data_from_field (drivers/acpi/acpica/exfield.c:327)\n  acpi_ex_resolve_node_to_value (drivers/acpi/acpica/exresolv.c:392)\n  </TASK>\n\n Allocated by task 1:\n  acpi_ec_alloc (drivers/acpi/ec.c:1424)\n  acpi_ec_add (drivers/acpi/ec.c:1692)\n\n Freed by task 1:\n  kfree (mm/slub.c:6876)\n  acpi_ec_add (drivers/acpi/ec.c:1751)\n\nThe bug triggers on reduced-hardware EC platforms (ec->gpe < 0)\nwhen the GPIO IRQ provider defers probing. Once the stale handler\nexists, any unprivileged sysfs read that causes AML to touch an\nEC OpRegion (battery, thermal, backlight) exercises the dangling\npointer.\n\nFix this by calling ec_remove_handlers() in the error path of\nacpi_ec_setup() before clearing first_ec. 
ec_remove_handlers()\nchecks each EC_FLAGS_* bit before acting, so it is safe to call\nregardless of how far ec_install_handlers() progressed:\n\n  -ENODEV  (handler not installed): only calls acpi_ec_stop()\n  -EPROBE_DEFER (handler installed): removes handler, stops EC", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/022d1727f33ff90b3e1775125264e3023901952e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/808c0f156f48d5b8ca34088cbbfba8444e606cbc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/9c886e63b69658959633937e3acb7ca8addf7499", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/be1a827e15991e874e0d5222d0ea5fdad01960fe", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/d04c007047c88158141d9bd5eac761cdadd3782c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/f6484cadbcaf26b5844b51bd7307a663dda48ef6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.600", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31427", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp\n\nprocess_sdp() declares union 
nf_inet_addr rtp_addr on the stack and\npasses it to the nf_nat_sip sdp_session hook after walking the SDP\nmedia descriptions. However rtp_addr is only initialized inside the\nmedia loop when a recognized media type with a non-zero port is found.\n\nIf the SDP body contains no m= lines, only inactive media sections\n(m=audio 0 ...) or only unrecognized media types, rtp_addr is never\nassigned. Despite that, the function still calls hooks->sdp_session()\nwith &rtp_addr, causing nf_nat_sdp_session() to format the stale stack\nvalue as an IP address and rewrite the SDP session owner and connection\nlines with it.\n\nWith CONFIG_INIT_STACK_ALL_ZERO (default on most distributions) this\nresults in the session-level o= and c= addresses being rewritten to\n0.0.0.0 for inactive SDP sessions. Without stack auto-init the\nrewritten address is whatever happened to be on the stack.\n\nFix this by pre-initializing rtp_addr from the session-level connection\naddress (caddr) when available, and tracking via a have_rtp_addr flag\nwhether any valid address was established. 
Skip the sdp_session hook\nentirely when no valid address exists.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/01f34a80ac23ae90b1909b94b4ed05343a62f646", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/52fdda318ef2362fc5936385bcb8b3d0328ee629", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6a2b724460cb67caed500c508c2ae5cf012e4db4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/6e5e3c87b7e6212f1d8414fc2e4d158b01e12025", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/7edca70751b9bdb5b83eed53cde21eccf3c86147", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/fe463e76c9b4b0b43b5ee8961b4c500231f1a3f6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.783", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31428", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD\n\n__build_packet_message() manually constructs the NFULA_PAYLOAD netlink\nattribute using skb_put() and skb_copy_bits(), bypassing the standard\nnla_reserve()/nla_put() helpers. 
While nla_total_size(data_len) bytes\nare allocated (including NLA alignment padding), only data_len bytes\nof actual packet data are copied. The trailing nla_padlen(data_len)\nbytes (1-3 when data_len is not 4-byte aligned) are never initialized,\nleaking stale heap contents to userspace via the NFLOG netlink socket.\n\nReplace the manual attribute construction with nla_reserve(), which\nhandles the tailroom check, header setup, and padding zeroing via\n__nla_reserve(). The subsequent skb_copy_bits() fills in the payload\ndata on top of the properly initialized attribute.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://git.kernel.org/stable/c/52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/7eff72968161fb8ddb26113344de3b92fb7d7ef5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a2f6ff3444b663d6cfa63eadd61327a18592885a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/a8365d1064ded323797c5e28e91070c52f44b76c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/c9f6c51d36482805ac3ffadb9663fe775a13e926", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}, {"url": "https://git.kernel.org/stable/c/fc961dd7272b5e4a462999635e44a4770d7f2482", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": []}], "published": "2026-04-13T14:16:12.957", "last_modified": "2026-04-13T15:01:43.663", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00024, "epss_percentile": 0.066, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, 
"exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-66236", "description": "Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. 
This had also been communicated via Airflow 3.2.0 Blog announcement [4].\n\n[1] Security Model:  https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html \n[2] Workload isolation:  https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html \n[3] JWT Token authentication:  https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html \n[4] Airflow 3.2.0 Blog announcement:  https://airflow.apache.org/blog/airflow-3.2.0/ \n\n\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://github.com/apache/airflow/pull/58662", "source": "security@apache.org", "tags": []}, {"url": "https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/6", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T15:17:05.953", "last_modified": "2026-04-13T17:16:27.327", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12476, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30804", "description": "Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-434"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:25.487", "last_modified": "2026-04-13T16:16:25.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00367, "epss_percentile": 0.58697, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1105", "name": "Ingress Tool Transfer", "tactic": "Command and Control"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30806", "description": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:25.680", "last_modified": "2026-04-13T16:16:25.680", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0062, "epss_percentile": 0.70028, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.2, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30809", "description": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:25.853", "last_modified": "2026-04-13T16:16:25.853", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00464, "epss_percentile": 0.64317, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30811", "description": "Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-276"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:25.993", "last_modified": "2026-04-13T16:16:25.993", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30812", "description": "Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:26.147", "last_modified": "2026-04-13T16:16:26.147", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14223, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30813", "description": "Improper Neutralization of Special Elements used in an SQL Command vulnerability allows 
SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:26.303", "last_modified": "2026-04-13T16:16:26.303", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08432, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34186", "description": "Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:27.343", "last_modified": "2026-04-13T16:16:27.343", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08432, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34188", "description": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. 
This issue affects Pandora FMS: from 777 through 800", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-78"], "affected_products": [], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com", "tags": []}], "published": "2026-04-13T16:16:27.487", "last_modified": "2026-04-13T16:16:27.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00359, "epss_percentile": 0.58127, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.1, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-23891", "description": "Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. 
This issue has been fixed in versions 0.30.5 and 0.31.1.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/decidim/decidim/releases/tag/v0.30.5", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/decidim/decidim/releases/tag/v0.31.1", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/decidim/decidim/security/advisories/GHSA-fc46-r95f-hq7g", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T17:16:28.063", "last_modified": "2026-04-13T17:16:28.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18876, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39940", "description": "ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For this write-up the DonatedItemEditor.php will be used as an example; however, all instances of 'linkBack' should be assessed. 
This vulnerability is fixed in 7.0.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-601"], "affected_products": [], "references": [{"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-5g52-rvjf-6wwf", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-v3hj-33xf-qx47", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T17:16:30.450", "last_modified": "2026-04-13T17:16:30.450", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00038, "epss_percentile": 0.11431, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-6100", "description": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. 
If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-416", "CWE-787"], "affected_products": [], "references": [{"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/issues/148395", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/pull/148396", "source": "cna@python.org", "tags": []}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/", "source": "cna@python.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T18:16:31.297", "last_modified": "2026-04-14T15:16:41.247", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0005, "epss_percentile": 0.15501, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": 
"CVE-2026-29955", "description": "The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://gist.github.com/b0b0haha/f011fdd69adc3ae272a4e3b99af90163", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/b0b0haha/CVE-2026-29955/blob/main/README.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T19:16:39.137", "last_modified": "2026-04-13T19:16:39.137", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00039, "epss_percentile": 0.11645, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31048", "description": "An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/Sif-0x01/security-advisories/security/advisories/GHSA-7625-w9h5-83rv", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/irmen/Pyro3/blob/master/Pyro/protocol.py#L672-L711", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/irmen/Pyro3/blob/master/docs/9-security.html#L341-L346", "source": 
"cve@mitre.org", "tags": []}], "published": "2026-04-13T20:16:33.410", "last_modified": "2026-04-13T20:16:33.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.04032, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32270", "description": "Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error response includes the serialized order object (order), which contains some sensitive fields such as customer email, shipping address, and billing address. The frontend payment flow's actionPay() retrieves orders by number before authorization is fully enforced (load order by number). 
This issue has been fixed in versions 4.11.0 and 5.6.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-200", "CWE-862"], "affected_products": [], "references": [{"url": "https://github.com/craftcms/commerce/commit/48a5d946419964e2af1ac64a8e1acc2a32ca0a08", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/releases/tag/4.11.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/releases/tag/5.6.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/security/advisories/GHSA-3vxg-x5f8-f5qf", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T20:16:33.527", "last_modified": "2026-04-13T20:16:33.527", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14409, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}, {"id": "T1548", "name": "Abuse Elevation Control Mechanism", "tactic": "Privilege Escalation"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-51414", "description": "In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/12T40910/CVE/issues/12", "source": "cve@mitre.org", "tags": []}, {"url": "https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7", "source": 
"cve@mitre.org", "tags": []}], "published": "2026-04-13T21:16:23.610", "last_modified": "2026-04-13T21:16:23.610", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-26460", "description": "A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view (getTabContents action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. The injected content is rendered in the victim's browser", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://www.simonjuguna.com/cve-2026-26460-html-injection-vulnerability-in-vtiger-open-source-edition-v8-4-0/", "source": "cve@mitre.org", "tags": []}, {"url": "https://www.vtiger.com/open-source-crm/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T21:16:24.020", "last_modified": "2026-04-13T21:16:24.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31280", "description": "An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via 
supplying crafted RFCOMM frames.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://amoebatech.gitbook.io/amoebatech-docs/cve-2026-31280-insecure-bluetooth-rfcomm-leading-to-device-crash-in-parani-m10-intercom", "source": "cve@mitre.org", "tags": []}, {"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4586", "source": "cve@mitre.org", "tags": []}, {"url": "https://nvd.nist.gov/vuln/detail/cve-2025-20701", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-13T21:16:24.143", "last_modified": "2026-04-13T21:16:24.143", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00017, "epss_percentile": 0.03861, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32271", "description": "Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step exploitation chain. The attack exploits unsanitized widget settings interpolated into SQL expressions, combined with PDO's default multi-statement query support, to inject a maliciously serialized PHP object into the queue table. When the queue consumer processes the injected job, the unrestricted unserialize() call in yii2-queue instantiates a GuzzleHttp FileCookieJar gadget chain whose __destruct() method writes a PHP webshell to the server's webroot. 
The complete chain requires only three HTTP requests, no administrative privileges, and results in arbitrary command execution as the PHP process user, with queue processing triggered via an unauthenticated endpoint. This issue has been fixed in versions 4.10.3 and 5.5.5.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/craftcms/commerce/commit/6d2d24b3a2b0c06593856d05446f82bd8af92d72", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/security/advisories/GHSA-875v-7m49-8x88", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:24.260", "last_modified": "2026-04-13T21:16:24.260", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00198, "epss_percentile": 0.4186, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-32272", "description": "Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fix (GHSA-2453-mppf-46cj). The blocklist only strips top-level Yii2 Query properties such as where and orderBy, but hasVariant and hasProduct pass through untouched and internally call Craft::configure() on a subquery without sanitization, re-introducing SQL injection. 
Any authenticated control panel user can exploit this via boolean-based blind SQL injection to extract arbitrary database contents, including security keys that enable forging admin sessions for privilege escalation. This issue has been fixed in version 5.6.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/advisories/GHSA-2453-mppf-46cj", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/pull/4232", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/releases/tag/5.6.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/craftcms/commerce/security/advisories/GHSA-r54v-qq87-px5r", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-13T21:16:24.410", "last_modified": "2026-04-13T21:16:24.410", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0003, "epss_percentile": 0.08479, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-22565", "description": "An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.  
\n\nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier) \nUniFi Play Audio Port  (Version 1.0.24 and earlier)  \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later \nUpdate UniFi Play Audio Port  to Version 1.1.9 or later", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-20"], "affected_products": [], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83", "source": "support@hackerone.com", "tags": []}], "published": "2026-04-13T22:16:28.313", "last_modified": "2026-04-13T22:16:28.313", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00011, "epss_percentile": 0.0142, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4786", "description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. 
See CVE-2026-4519 for details.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-77"], "affected_products": [], "references": [{"url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/issues/148169", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/pull/148170", "source": "cna@python.org", "tags": []}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/", "source": "cna@python.org", "tags": []}], "published": "2026-04-13T22:16:30.413", "last_modified": "2026-04-14T15:16:39.417", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0002, "epss_percentile": 0.05328, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1059", "name": "Command and Scripting Interpreter", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39979", "description": "jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. 
This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-13T23:16:27.823", "last_modified": "2026-04-14T15:16:37.047", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00042, "epss_percentile": 0.12712, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5086", "description": "Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-208"], "affected_products": [], "references": [{"url": 
"https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-13T23:16:27.990", "last_modified": "2026-04-14T02:16:05.917", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00018, "epss_percentile": 0.04749, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-33948", "description": "jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen() to determine buffer length instead of the actual byte count from fgets(), causing it to truncate input at the first NUL byte and parse only the preceding prefix. This enables an attacker to craft input with a benign JSON prefix before a NUL byte followed by malicious trailing data, where jq validates only the prefix as valid JSON while silently discarding the suffix. Workflows relying on jq to validate untrusted JSON before forwarding it to downstream consumers are susceptible to parser differential attacks, as those consumers may process the full input including the malicious trailing bytes. 
This issue has been patched by commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-20", "CWE-170"], "affected_products": [], "references": [{"url": "https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T00:16:06.867", "last_modified": "2026-04-14T00:16:06.867", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00097, "epss_percentile": 0.26819, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39422", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface (/ui/chat/{access_token}), the ChatHeadersMiddleware retrieves the application data and directly inserts the unescaped application name and icon into the HTML response via string replacement. This allows an attacker to execute arbitrary JavaScript in the victim's browser context. 
This issue has been fixed in version 2.8.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/026a2d623e2aa5efa67c4834651e79d5d7cab1da", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-wf7p-3jq5-q52w", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-wf7p-3jq5-q52w", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T01:16:04.850", "last_modified": "2026-04-14T14:16:14.407", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13361, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39423", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including administrators, resulting in Stored Cross-Site Scripting (XSS). 
This issue has been fixed in version 2.8.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79", "CWE-95"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/34fb95bde9574c5b3a734ab00c7f29b9e7d32669", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-462x-99gf-mp79", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T01:16:05.000", "last_modified": "2026-04-14T01:16:05.000", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00044, "epss_percentile": 0.13361, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39424", "description": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). 
The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1236"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T01:16:05.153", "last_modified": "2026-04-14T01:16:05.153", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00061, "epss_percentile": 0.18876, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39425", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. 
The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-80"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T02:16:05.307", "last_modified": "2026-04-14T02:16:05.307", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00069, "epss_percentile": 0.21245, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-39426", "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitization and XSS filtering. The unsanitized HTML content is passed to the IframeRender.vue component, which renders it directly into an <iframe> via the srcdoc attribute configured with sandbox=\"allow-scripts allow-same-origin\". 
This can be a dangerous combination, allowing injected scripts to escape the iframe and execute JavaScript in the parent window using window.parent. Since the Prologue is rendered for any user visiting an application's chat interface, this results in a high-impact Stored XSS that can lead to session hijacking, unauthorized actions, and sensitive data exposure. This issue has been fixed in version 2.8.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-q2qg-43vq-f2wv", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T02:16:05.460", "last_modified": "2026-04-14T02:16:05.460", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00047, "epss_percentile": 0.14223, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-34984", "description": "External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap() but leaves the getHostByName function accessible to user-controlled templates. Since ESO executes templates within the controller process, an attacker who can create or update templated ExternalSecret resources can invoke controller-side DNS lookups using secret-derived values. 
This creates a DNS exfiltration primitive, allowing fetched secret material to be leaked via DNS queries without requiring direct outbound network access from the attacker's workload. The impact is a confidentiality issue, particularly in environments where untrusted or lower-trust users can author templated ExternalSecret resources and the controller has DNS resolution capability. This issue has been fixed in version 2.3.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-200"], "affected_products": [], "references": [{"url": "https://github.com/external-secrets/external-secrets/commit/6800989bdc12782ca2605d3b8bf7f2876a16551a", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/external-secrets/external-secrets/releases/tag/v2.3.0", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/external-secrets/external-secrets/security/advisories/GHSA-r2pg-r6h7-crf3", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T03:16:08.530", "last_modified": "2026-04-14T03:16:08.530", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.0004, "epss_percentile": 0.11863, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-40315", "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. 
Since SQL identifiers cannot be safely parameterized, an attacker who controls the table_prefix value (e.g., through from_yaml or from_dict configuration input) can inject arbitrary SQL fragments that alter query structure. This enables unauthorized data access, such as reading internal SQLite tables like sqlite_master, and manipulation of query results through techniques like UNION-based injection. The vulnerability propagates from configuration input in config.py, through factory.py, to the SQL query construction in sqlite.py. Exploitation requires the ability to influence configuration input, and successful exploitation leads to internal schema disclosure and full query result tampering. This issue has been fixed in version 4.5.133.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-89"], "affected_products": [], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/commit/0accebb2e3c3ec2fca66bbea0444fb7a35f0b4ef", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp", "source": "security-advisories@github.com", "tags": []}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": []}], "published": "2026-04-14T04:17:16.057", "last_modified": "2026-04-14T14:16:15.020", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00022, "epss_percentile": 0.05886, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31908", "description": "Header injection vulnerability 
in Apache APISIX.\n\nThe attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.\nThis issue affects Apache APISIX: from 2.12.0 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-75"], "affected_products": [], "references": [{"url": "https://lists.apache.org/thread/sob643s5lztov7x579j8o0c444t36n6b", "source": "security@apache.org", "tags": []}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/14/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": []}], "published": "2026-04-14T09:16:35.650", "last_modified": "2026-04-14T09:16:35.650", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00029, "epss_percentile": 0.08028, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-13822", "description": "MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. 
Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-639"], "affected_products": [], "references": [{"url": "https://cert.pl/en/posts/2026/04/CVE-2025-13822", "source": "cvd@cert.pl", "tags": []}, {"url": "https://github.com/samanhappy/mcphub", "source": "cvd@cert.pl", "tags": []}], "published": "2026-04-14T11:16:24.300", "last_modified": "2026-04-14T11:16:24.300", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0.00043, "epss_percentile": 0.13147, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2449", "description": "Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-88"], "affected_products": [], "references": [{"url": "https://support.upkeeper.se/hc/en-us/articles/26783425404444-CVE-2026-2449-Improper-neutralization-of-argument-delimiters-in-a-command", "source": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "tags": []}], "published": "2026-04-14T12:16:21.590", "last_modified": "2026-04-14T12:16:21.590", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", 
"ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2024-9168", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [], "published": "2026-04-14T13:16:21.220", "last_modified": "2026-04-14T13:16:21.220", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2450", "description": ".NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-520"], "affected_products": [], "references": [{"url": "https://support.upkeeper.se/hc/en-us/articles/26783542353692-CVE-2026-2450-NET-misconfiguration-use-of-impersonation", "source": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "tags": []}], "published": "2026-04-14T13:16:22.333", "last_modified": "2026-04-14T13:16:22.333", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 
0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5307", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [], "published": "2026-04-14T13:16:22.593", "last_modified": "2026-04-14T13:16:22.593", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-7389", "description": "A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server\nthrough the adopted authority of the AdminServer process itself.  The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile()\n methods exposed through the RMI interface.  Misuse was limited only by OS-level authority of the AdminServer's elevated \nprivileges granted and the user's access to these methods enabled through RMI.  
The exploitable methods have been removed thus eliminating their access through RMI or downstream of the RMI registry.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-552"], "affected_products": [], "references": [{"url": "https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer", "source": "security@progress.com", "tags": []}], "published": "2026-04-14T14:16:10.263", "last_modified": "2026-04-14T14:16:10.263", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-8095", "description": "The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform.  It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications.  
OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-257"], "affected_products": [], "references": [{"url": "https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection", "source": "security@progress.com", "tags": []}], "published": "2026-04-14T14:16:11.237", "last_modified": "2026-04-14T14:16:11.237", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-31049", "description": "An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://blog.hostbillapp.com/2025/12/03/hostbill-security-advisory/", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/Muhammad5235/HostBill-CVEs-2025/blob/main/Missing%20Server-Side%20Validation/Registration%20fields%20%26%20Import%20Csv", "source": "cve@mitre.org", "tags": []}, {"url": "https://hostbillapp.com/changelog", "source": "cve@mitre.org", "tags": []}, {"url": "https://hostbillapp.com/release-notes/11-27-2025.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://hostbillapp.com/release-notes/12-01-2025.html", "source": "cve@mitre.org", "tags": []}, {"url": "https://hostbillapp.com/responsible-disclosure", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T14:16:13.130", 
"last_modified": "2026-04-14T14:16:13.130", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-61260", "description": "A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "http://openai.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:24.487", "last_modified": "2026-04-14T15:16:24.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-69893", "description": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 
hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "http://trezor.com", "source": "cve@mitre.org", "tags": []}, {"url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:25.357", "last_modified": "2026-04-14T15:16:25.357", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-30480", "description": "A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T15:16:27.337", "last_modified": "2026-04-14T15:16:27.337", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, 
"social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-65133", "description": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:34.180", "last_modified": "2026-04-14T16:16:34.180", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-65134", "description": "In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:34.383", "last_modified": "2026-04-14T16:16:34.383", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 
0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2399", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files to be overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-22"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:38.290", "last_modified": "2026-04-14T16:16:38.290", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1083", "name": "File and Directory Discovery", "tactic": "Discovery"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2400", "description": "CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-93"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", 
"source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:38.477", "last_modified": "2026-04-14T16:16:38.477", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2401", "description": "CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause  confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:38.623", "last_modified": "2026-04-14T16:16:38.623", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2402", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple 
endpoints.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-307"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:38.767", "last_modified": "2026-04-14T16:16:38.767", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2403", "description": "CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-1284"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:38.913", "last_modified": "2026-04-14T16:16:38.913", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2404", "description": "CWE-116 Improper Encoding or Escaping of Output 
vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-116"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:39.057", "last_modified": "2026-04-14T16:16:39.057", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-2405", "description": "CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-400"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:39.197", "last_modified": "2026-04-14T16:16:39.197", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-38533", "description": "An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38533", "source": "cve@mitre.org", "tags": []}, {"url": "https://snipeitapp.com/", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T16:16:43.963", "last_modified": "2026-04-14T16:16:43.963", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-4832", "description": "CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-798"], "affected_products": [], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-03.pdf", "source": "cybersecurity@se.com", "tags": []}], "published": "2026-04-14T16:16:48.167", "last_modified": "2026-04-14T16:16:48.167", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, 
"poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1078.001", "name": "Default Accounts", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5713", "description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-121", "CWE-125"], "affected_products": [], "references": [{"url": "https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/issues/148178", "source": "cna@python.org", "tags": []}, {"url": "https://github.com/python/cpython/pull/148187", "source": "cna@python.org", "tags": []}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/", "source": "cna@python.org", "tags": []}], "published": "2026-04-14T16:16:48.717", "last_modified": "2026-04-14T17:16:54.363", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1203", "name": "Exploitation for Client Execution", "tactic": "Execution"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, 
"weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2025-70023", "description": "An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://gist.github.com/zcxlighthouse/27926a85371ac5d2291f44903254753e", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/transloadi", "source": "cve@mitre.org", "tags": []}, {"url": "https://github.com/transloadit/uppy", "source": "cve@mitre.org", "tags": []}], "published": "2026-04-14T18:16:41.677", "last_modified": "2026-04-14T18:16:41.677", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0207", "description": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-532"], "affected_products": [], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html", "source": "psirt@purestorage.com", "tags": []}], "published": "2026-04-14T18:16:41.800", "last_modified": "2026-04-14T18:16:41.800", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1005", "name": "Data from Local System", "tactic": "Collection"}], "ats_score": 0, "ats_level": 
"INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-0209", "description": "Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-783"], "affected_products": [], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html", "source": "psirt@purestorage.com", "tags": []}], "published": "2026-04-14T18:16:41.980", "last_modified": "2026-04-14T18:16:41.980", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24906", "description": "October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields (used for paragraph styles, inline styles, table styles, etc.) did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala editor dropdown menus, allowing JavaScript execution when any user opened a RichEditor. Exploitation could lead to privilege escalation if a superuser opens any RichEditor during routine content editing (e.g., editing a blog post), and requires authenticated backend access with editor settings permissions. This issue has been fixed in versions 3.7.14 and 4.1.10. 
To work around this issue, restrict editor settings permissions to fully trusted administrators only.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-6qmh-j78v-ffp7", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T18:16:45.063", "last_modified": "2026-04-14T18:16:45.063", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-24907", "description": "October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. This issue has been fixed in versions 3.7.14 and 4.1.10. 
If users are unable to update immediately, workarounds include restricting mail template editing permissions to fully trusted administrators only and restricting Event Log viewing permissions to minimize exposure.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": ["CWE-79"], "affected_products": [], "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-j4j5-9x6g-rgxc", "source": "security-advisories@github.com", "tags": []}], "published": "2026-04-14T18:16:45.233", "last_modified": "2026-04-14T18:16:45.233", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [{"id": "T1189", "name": "Drive-by Compromise", "tactic": "Initial Access"}], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5754", "description": "Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://www.radware.com/products/alteon/", "source": "cret@cert.org", "tags": []}], "published": "2026-04-14T18:17:39.487", "last_modified": "2026-04-14T18:17:39.487", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, 
"social_signal": 0, "time_factor": 0}}, {"cve_id": "CVE-2026-5756", "description": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.", "cvss_score": null, "cvss_vector": null, "cvss_severity": null, "cwes": [], "affected_products": [], "references": [{"url": "https://www.datarecognitioncorp.com/", "source": "cret@cert.org", "tags": []}], "published": "2026-04-14T18:17:39.600", "last_modified": "2026-04-14T18:17:39.600", "days_since_publish": 999, "source": "nvd", "in_kev": false, "kev_data": null, "epss_score": 0, "epss_percentile": 0, "social_posts": 0, "social_repos": 0, "has_poc": false, "poc_urls": [], "nuclei_template": null, "mitre_techniques": [], "ats_score": 0, "ats_level": "INFO", "ats_breakdown": {"severity": 0.0, "exploit_probability": 0.0, "weaponization": 0, "social_signal": 0, "time_factor": 0}}]}