2026-04-21 17:05Z · LOW

v9.0.2

BloodHound releases · github.com · CVE-2026-33815 · CVE-2026-33816

BloodHound v9.0.2 released with routine maintenance updates including cipher additions, Azure post-processing fixes, and a pgx dependency upgrade to remediate two CVEs in the database driver. The release includes minor feature additions and build improvements.

Tags: SRF Application · VND Bloodhound · VND Specter Ops · TYP Tool · TYP Vulnerability
CVSS v3.1: 9.8
Score: 35
2026-04-21 16:02Z · CRIT

The Vercel Breach Explains Why Identity Attack Path Management Can’t Wait

SpecterOps · specterops.io · in the wild

Vercel suffered a supply-chain breach when an employee connected the AI tool Context.ai to corporate Google Workspace via OAuth with overly broad permissions. Context.ai was subsequently compromised via an infostealer (Lumma Stealer) targeting a Context.ai employee, exposing OAuth tokens that granted attackers direct access to Vercel's identity infrastructure and internal systems. SpecterOps frames this as a structural identity attack path problem: the compromise of a non-human identity (NHI) with delegated trust relationships enabled lateral movement at machine speed, exposing the inadequacy of traditional IAM governance against AI-driven identity risks.

Tags: TAC TA0001 · SRF Identity · TAC TA0003 · SRF Cloud · TAC TA0008 · VND Google · VND Vercel · VND Context Ai
Score: 82
2026-04-21 15:41Z · HIGH

CVE-2026-3324 — Log360: ManageEngine Log360 builds 13000–13013 contain an authentication bypass vulnerability in exposed V1

Horizon3.ai · horizon3.ai · CVE-2026-3324

ManageEngine Log360 builds 13000–13013 contain an authentication bypass vulnerability in exposed V1 APIs that allows attackers to bypass authorization checks and gain unauthorized access to data and operations. The vendor patched the issue in build 13017 released March 10, 2026, with public disclosure on April 17, 2026.

Tags: SRF Application · TAC TA0001 · SRF Web · VND Log360 · VND Manageengine · TYP Vulnerability · TYP Advisory · STG Initial Access
Score: 68
2026-04-21 15:16Z · HIGH

CVE-2026-31019 — Dolibarr Dolibarr_erp/crm: An authenticated user with permission to edit PHP content can bypass this filtering, resulting

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server. CVSSv3.1 8.8 (HIGH)

Tags: CWE 78 · VND Dolibarr · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 15:16Z · HIGH

CVE-2026-31018 — Dolibarr Dolibarr_erp/crm: In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page creation. CVSSv3.1 8.8 (HIGH)

Tags: CWE 94 · CWE 284 · VND Dolibarr · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 14:38Z · CRIT

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Rapid7 Research · rapid7.com · in the wild

Rapid7 analyzed two Kyber ransomware variants—one targeting VMware ESXi and one targeting Windows—recovered from a March 2026 incident. The ESXi variant uses ChaCha8 encryption despite claiming post-quantum Kyber1024, while the Windows variant correctly implements AES-256-CTR with Kyber1024 key wrapping. Both variants share campaign infrastructure and employ sophisticated anti-recovery techniques including VM termination, shadow copy deletion, and management interface defacement.

Tags: SRF Os · TAC TA0005 · TAC TA0002 · SRF Network Appliance · TAC TA0040 · VND Microsoft · VND Vmware · TYP Research
Score: 82
2026-04-21 13:16Z · HIGH

CVE-2026-6750 — Mozilla Firefox: Privilege escalation in the Graphics: WebRender component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6750

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVSSv3.1 8.8 (HIGH)

Tags: CWE 269 · VND Mozilla · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 13:16Z · CRIT

CVE-2026-6748 — Mozilla Firefox: Uninitialized memory in the Audio/Video: Web Codecs component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6748

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVSSv3.1 9.8 (CRITICAL)

Tags: CWE 457 · CWE 824 · VND Mozilla · VND Uninitialized · TYP Vulnerability
CVSS v3.1: 9.8
Score: 99
2026-04-21 11:16Z · HIGH

CVE-2026-41038 — Qntmnet Qn-i-470_firmware: An attacker on the same network could exploit this vulnerability by performing password guessing

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41038

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device. CVSSv3.1 8.8 (HIGH) · EPSS 7th percentile

Tags: CWE 521 · VND Qntmnet · VND Quantum · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 10:16Z · HIGH

CVE-2026-41037 — Qntmnet Qn-i-470_firmware: An attacker on the same network could exploit this vulnerability by performing brute force

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device. CVSSv3.1 8.8 (HIGH) · EPSS 7th percentile

Tags: CWE 307 · VND Qntmnet · VND Quantum · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 10:16Z · HIGH

CVE-2026-41036 — Qntmnet Qn-i-470_firmware: Successful exploitation of this vulnerability could allow the attacker to perform remote code execution

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41036

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device. CVSSv3.1 8.8 (HIGH) · EPSS 64th percentile

Tags: CWE 78 · VND Qntmnet · VND Quantum · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 07:58Z · INFO

shannon — Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, ident

GitHub · LPE exploits · github.com · GITHUB POC

Shannon Lite is an open-source autonomous AI pentester for web applications and APIs that performs white-box security testing by analyzing source code and executing real exploits. The tool identifies attack vectors across injection, XSS, SSRF, and authentication bypass categories, generating proof-of-concept exploits for confirmed vulnerabilities. Shannon Pro, the commercial variant, adds agentic SAST, SCA, secrets scanning, and business logic testing with static-dynamic correlation.

Tags: SRF Application · SRF Web · TAC TA0042 · TAC TA0043 · TYP Tool · STG Discovery · STG Execution · STG Initial Access
Score: 72
2026-04-21 04:16Z · CRIT

CVE-2026-5965 — NewSoftOA: developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5965

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 92nd percentile

Tags: CWE 78 · VND Newsoftoa · TYP Vulnerability
CVSS v3.1: 9.8
Score: 100
2026-04-21 03:16Z · HIGH

CVE-2026-40497 — Freescout Freescout: CSP allows `style-src * 'self' 'unsafe-inline'`, so injected inline styles execute freely.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip `<style>` tags. The mailbox signature field is saved via POST /mailbox/settings/{id} and later rendered unescaped via `{!! $conversation->getSignatureProcessed([], true) !!}` in conversation views. CSP allows `style-src * 'self' 'unsafe-inline'`, so injected inline styles exec CVSSv3.1 8.1 (HIGH)

Tags: CWE 79 · VND Freescout · TYP Vulnerability
CVSS v3.1: 8.1
Score: 91
2026-04-21 02:16Z · CRIT

CVE-2026-40496 — Freescout Freescout: Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40496

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue. CVSSv3.1 9.1 (CRITICAL)

Tags: CWE 340 · CWE 330 · VND Freescout · TYP Vulnerability
CVSS v3.1: 9.1
Score: 96
2026-04-21 02:16Z · HIGH

CVE-2026-39866 — Lawnchair Lawnchair: Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39866

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue. CVSSv3.1 8.8 (HIGH)

Tags: CWE 77 · VND Lawnchair · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 01:16Z · CRIT

CVE-2026-39861 — Anthropic Claude_code: Reliably exploiting this required the ability to add untrusted content into a Claude Code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39861

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the un CVSSv3.1 10.0 (CRITICAL)

Tags: CWE 22 · CWE 61 · VND Anthropic · VND Claude · TYP Vulnerability
CVSS v3.1: 10.0
Score: 100
2026-04-21 01:16Z · HIGH

CVE-2026-39386 — M1k1o Neko: This results in a complete compromise of the instance.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session termination, etc.). This results in a complete compromise of the instance. The vulnerability has been patched in v3.0.11 and v3.1.2. If upgrading is not immediately possible, the fol CVSSv3.1 8.8 (HIGH)

Tags: CWE 269 · CWE 639 · CWE 284 · CWE 20 · VND M1k1o · VND Neko · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 00:16Z · CRIT

CVE-2026-41329 — Openclaw Openclaw: before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41329

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation. CVSSv3.1 9.9 (CRITICAL) · EPSS 13th percentile

Tags: CWE 648 · VND Openclaw · TYP Vulnerability
CVSS v3.1: 9.9
Score: 100
2026-04-21 00:16Z · HIGH

CVE-2026-41303 — Openclaw Openclaw: before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests. CVSSv3.1 8.8 (HIGH) · EPSS 20th percentile

Tags: CWE 863 · VND Openclaw · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 00:16Z · HIGH

CVE-2026-41296 — Openclaw Openclaw: before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41296

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. CVSSv3.1 8.2 (HIGH) · EPSS 8th percentile

Tags: CWE 367 · VND Openclaw · TYP Vulnerability
CVSS v3.1: 8.2
Score: 91
2026-04-21 00:16Z · HIGH

CVE-2026-41294 — Openclaw Openclaw: before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41294

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup. CVSSv3.1 8.6 (HIGH) · EPSS 3rd percentile

Tags: CWE 15 · VND Openclaw · TYP Vulnerability
CVSS v3.1: 8.6
Score: 93
2026-04-21 00:16Z · HIGH

CVE-2026-35587 — Nicolargo Glances: Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who can modify the Glances configuration can force the application to send requests to arbitrary inte CVSSv3.1 8.8 (HIGH)

Tags: CWE 918 · VND Nicolargo · VND Glances · TYP Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-21 00:16Z · HIGH

CVE-2026-35570 — Gitlawb Openclaude: When the sandbox auto-allow feature is active and no explicit deny rule is configured

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an `allow` result immediately — before the path constraint filter (`checkPathConstraints`) is ever evaluated. This allows commands containing path trav CVSSv3.1 8.4 (HIGH)

Tags: CWE 284 · CWE 22 · VND Gitlawb · VND Openclaude · TYP Vulnerability
CVSS v3.1: 8.4
Score: 92
2026-04-21 00:00Z · CRIT

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Trend Micro Research · trendmicro.com · in the wild

Void Dokkaebi (Famous Chollima), a North Korea-aligned threat actor, has evolved a self-propagating supply chain worm that spreads malware through compromised developer repositories via two mechanisms: malicious VS Code task configurations (.vscode/tasks.json) and injected obfuscated JavaScript with git history tampering. Analysis identified over 750 infected repositories, 500+ malicious VS Code tasks, and compromises of major organizations including DataStax and Neutralinojs, with payloads staged on blockchain infrastructure (Tron, Aptos, BSC) and delivered as DEV#POPPER RAT variants.

Tags: SRF Application · SRF Os · TAC TA0005 · TAC TA0001 · TAC TA0002 · TAC TA0003 · TAC TA0011 · SRF Supply Chain
Score: 92