2026-04-20
2026-04-20 17:16Z
HIGH

CVE-2026-25524 — Openmage Magento: Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()` can trigger

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25524

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()` can trigger deserialization when processing `phar://` stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and m
CVSS v3.1 8.1 (HIGH)

CWE-502 · Vendor: Magento, Openmage · Type: Vulnerability · Score 91
2026-04-20
2026-04-20 16:16Z
HIGH

CVE-2026-26944 — Dell Powerprotect_dp_series_appliance: PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26944

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
CVSS v3.1 8.8 (HIGH)

CWE-306 · Vendor: Dell · Type: Vulnerability · Score 94
2026-04-20
2026-04-20 16:16Z
CRIT

CVE-2026-24467 — Filigran Openaev: Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24467

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable account takeover. The primary issue is that password reset tokens do not expire. Once a token is generated, it remains valid indefinitely, even if significant time has passed or if ne
CVSS v3.1 9.0 (CRITICAL) · EPSS 73rd percentile

CWE-640 · Vendor: Openaev, Filigran · Type: Vulnerability · Score 95
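Added example, not OpenAEV's code: a minimal password-reset token scheme in Python that closes the gaps this advisory names, a fixed lifetime, single use, and a fresh request superseding the previous outstanding token. The server key, the 15-minute TTL, integer user ids and the in-memory store are assumptions made for the example; a real deployment keeps the record in the database keyed by a hash of the token.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

# Assumed for this example: a server-side key and a fixed token lifetime.
SERVER_KEY = b"example-server-key-rotate-me"
RESET_TTL_SECONDS = 15 * 60

# Outstanding tokens: token_id -> record. In-memory store assumed for the
# example; a real deployment keeps this in the database keyed by a hash.
_issued: Dict[str, dict] = {}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_reset_token(user_id: int, now: Optional[float] = None) -> str:
    """Mint a single-use token bound to user_id with an absolute expiry."""
    now = time.time() if now is None else now
    token_id = secrets.token_urlsafe(32)            # 256 bits from the CSPRNG
    expires_at = int(now) + RESET_TTL_SECONDS
    # A new request supersedes any earlier token still outstanding for the user.
    for tid, rec in list(_issued.items()):
        if rec["user_id"] == user_id:
            del _issued[tid]
    _issued[token_id] = {"user_id": user_id, "expires_at": expires_at, "used": False}
    payload = f"{token_id}.{user_id}.{expires_at}"
    return f"{payload}.{_sign(payload)}"


def redeem_reset_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Return user_id if the token is genuine, unexpired and unused, else None."""
    now = time.time() if now is None else now
    try:
        token_id, user_s, expires_s, sig = token.split(".")
        user_id, expires_at = int(user_s), int(expires_s)
    except ValueError:
        return None
    payload = f"{token_id}.{user_id}.{expires_at}"
    # Constant-time comparison: no timing leak on the MAC check.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    rec = _issued.get(token_id)
    if rec is None or rec["used"] or rec["user_id"] != user_id:
        return None
    if now > expires_at:                           # the expiry check the advisory says was missing
        del _issued[token_id]
        return None
    rec["used"] = True                             # a second redemption fails
    return user_id
```

The expiry lives both in the signed payload and in the server-side record; the MAC stops a client from editing it, and the record is what makes the token single-use and lets a newer request invalidate an older one.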
2026-04-20
2026-04-20 14:16Z
CRIT

CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5760

SGLang's reranking endpoint (/v1/rerank) is exposed to Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, because the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
CVSS v3.1 9.8 (CRITICAL) · EPSS 59th percentile

CWE-94 · Type: Vulnerability · Score 99
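Added example, not SGLang's own code: the same chat_template rendered through a plain jinja2.Environment, as the advisory describes, and through jinja2.sandbox.SandboxedEnvironment, the standard Jinja2 mitigation for untrusted templates (the project's actual fix may differ). The template string and messages are constructed for the demonstration; the hostile template only calls os.getpid() so the effect is observable without spawning anything.

```python
import os

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed for this example: a chat_template of the kind that sits in
# tokenizer_config.json. It ignores the messages and walks from the template's
# own `self` reference to the interpreter's builtins, then into `os`.
MALICIOUS_TEMPLATE = (
    "{{ self.__init__.__globals__.__builtins__.__import__('os').getpid() }}"
)

BENIGN_TEMPLATE = (
    "{% for m in messages %}{{ m.role }}: {{ m.content }}\n{% endfor %}"
)

SAMPLE_MESSAGES = [{"role": "user", "content": "rank these documents"}]


def render_chat_template(template_src: str, sandboxed: bool) -> str:
    """Render a tokenizer chat template the way a rerank/chat endpoint would.

    sandboxed=False mirrors the vulnerable pattern (plain jinja2.Environment).
    sandboxed=True uses SandboxedEnvironment, which refuses attribute access
    to names starting with '_' and to internal/unsafe callables.
    """
    env = SandboxedEnvironment() if sandboxed else Environment()
    template = env.from_string(template_src)
    return template.render(messages=SAMPLE_MESSAGES)


def demo() -> dict:
    """Run both environments over the same templates and report what happened."""
    unsandboxed_out = render_chat_template(MALICIOUS_TEMPLATE, sandboxed=False)
    try:
        render_chat_template(MALICIOUS_TEMPLATE, sandboxed=True)
        sandbox_blocked = False
    except SecurityError:
        sandbox_blocked = True          # raised at `self.__init__`, before any call
    return {
        # The unsandboxed render executed arbitrary Python and reached os.getpid().
        "unsandboxed_escaped": unsandboxed_out == str(os.getpid()),
        "sandboxed_blocked": sandbox_blocked,
        # Legitimate templates keep working under the sandbox.
        "benign_under_sandbox": render_chat_template(BENIGN_TEMPLATE, sandboxed=True),
    }


if __name__ == "__main__":
    print(demo())
```

The sandbox is a mitigation, not a full boundary: a model repository is code-adjacent input, so treating templates from untrusted repositories as untrusted code (pinning revisions, reviewing the template text, or rendering in a separate process) is the complementary control.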
2026-04-20
2026-04-20 14:16Z
HIGH

CVE-2026-4048 — Progress Connection_manager_for_objectscale: OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4048

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.
CVSS v3.1 8.4 (HIGH) · EPSS 23rd percentile

CWE-77 · Vendor: Progress · Type: Vulnerability · Score 92
2026-04-20
2026-04-20 14:16Z
HIGH

CVE-2026-3519 — Progress Connection_manager_for_objectscale: OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command.
CVSS v3.1 8.4 (HIGH) · EPSS 23rd percentile

CWE-77 · Vendor: Progress · Type: Vulnerability · Score 92
2026-04-20
2026-04-20 14:16Z
HIGH

CVE-2026-3518 — Progress Connection_manager_for_objectscale: OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3518

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command.
CVSS v3.1 8.4 (HIGH) · EPSS 23rd percentile

CWE-77 · Vendor: Progress · Type: Vulnerability · Score 92
2026-04-20
2026-04-20 14:16Z
HIGH

CVE-2026-3517 — Progress Connection_manager_for_objectscale: OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3517

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command.
CVSS v3.1 8.4 (HIGH) · EPSS 23rd percentile

CWE-77 · Vendor: Progress · Type: Vulnerability · Score 92
2026-04-20
2026-04-20 14:16Z
CRIT

CVE-2026-33557 — Apache Kafka: A possible security vulnerability has been identified in Apache Kafka.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33557

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, issuer, or audience. An attacker can generate a JWT token from any issuer with the `preferred_username` set to any user, and the broker will accept it. We advise the Kafka users using kafka v4.1.0 or
CVSS v3.1 9.1 (CRITICAL)

CWE-303, CWE-1285 · Vendor: Apache · Type: Vulnerability · Score 96
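Added example, not Kafka's code: a stdlib-only Python sketch of the difference between a validator that merely decodes the JWT payload and trusts `preferred_username`, and one that checks signature, issuer, audience and expiry first. It uses a shared-secret HS256 MAC as a stand-in for the issuer's public-key signature (a broker would verify against the issuer's JWKS); the key, issuer URL, audience and both tokens are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT; signed with a key the broker does not hold, it is a forgery."""
    header_b64 = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body_b64 = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{body_b64}.{_b64url(sig)}"


def lax_validate(token: str, claim: str = "preferred_username") -> Optional[str]:
    """The behaviour the advisory describes: decode the payload, trust the claim, check nothing."""
    try:
        _, body_b64, _ = token.split(".")
        return json.loads(_b64url_decode(body_b64)).get(claim)
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None


def strict_validate(token: str, key: bytes, issuer: str, audience: str,
                    claim: str = "preferred_username",
                    now: Optional[float] = None) -> Optional[str]:
    """Accept the principal only after signature, iss, aud and exp all check out."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        given_sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                      # algorithm pinned server-side; "none" never accepted
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given_sig, expected):
        return None
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        return None
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return None
    return claims.get(claim)


# Constructed sample data for the example.
BROKER_KEY = b"broker-side-secret"
ISSUER = "https://idp.example"
AUDIENCE = "kafka"
GOOD_TOKEN = make_jwt({"iss": ISSUER, "aud": AUDIENCE, "exp": 2000,
                       "preferred_username": "alice"}, BROKER_KEY)
# Any issuer, any key, any name: the lax validator still accepts it.
FORGED_TOKEN = make_jwt({"iss": "https://attacker.example", "aud": AUDIENCE, "exp": 2000,
                         "preferred_username": "admin"}, b"attacker-chosen-key")
```

The order of checks matters: the signature is verified before any claim is read, so issuer and audience are only trusted once they are known to come from the key holder.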
2026-04-20
2026-04-20 09:22Z
CRIT

FakeWallet crypto stealer spreading through iOS apps in the App Store

Kaspersky Securelist · securelist.com · in the wild

Kaspersky discovered 26+ phishing apps in the Apple App Store masquerading as popular cryptocurrency wallets (MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, Bitpie), primarily targeting Chinese users. Once installed, these apps redirect to malicious pages that distribute trojanized wallet versions engineered to steal recovery phrases and private keys via library injection, method swizzling, and sophisticated phishing overlays. The campaign has been active since at least fall 2025 and employs both hot-wallet credential harvesting and cold-wallet phishing, with some samples also containing SparkKitty modules, suggesting possible threat-actor overlap.

Surface: Application, Mobile · ATT&CK tactics: TA0001, TA0006, TA0009 · Vendor: Apple, Coinbase, Ledger · Score 82
2026-04-20
2026-04-20 09:16Z
HIGH

CVE-2026-5967 — Teamt5 Threatsonar_anti-ransomware: ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5967

ThreatSonar Anti-Ransomware developed by TeamT5 has a privilege escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.
CVSS v3.1 8.8 (HIGH) · EPSS 34th percentile

CWE-78 · Vendor: Teamt5, Threatsonar · Type: Vulnerability · Score 94
2026-04-20
2026-04-20 08:16Z
HIGH

CVE-2026-5966 — Teamt5 Threatsonar_anti-ransomware: ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5966

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
CVSS v3.1 8.1 (HIGH) · EPSS 57th percentile

CWE-22, CWE-23 · Vendor: Teamt5, Threatsonar · Type: Vulnerability · Score 91
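Added example (not ThreatSonar's or OpenMage's code) covering this path-traversal entry and the OpenMage `phar://` entry above: a Python resolver that maps a user-supplied file name onto a media root and rejects stream-wrapper and URL schemes, NUL bytes, absolute paths and traversal before any filesystem call (delete, `getimagesize()`-style probing, existence checks) is made with it. MEDIA_ROOT and the sample paths are assumptions for the example.

```python
import os
from urllib.parse import urlsplit

# Assumed media root for the example.
MEDIA_ROOT = "/var/www/media"


def resolve_media_path(user_path: str, root: str = MEDIA_ROOT) -> str:
    """Map a user-supplied name onto a path under root, or raise ValueError.

    Checks run lexically, before the path reaches any filesystem API:
      - NUL bytes (truncate paths in C-backed APIs)
      - any scheme or stream wrapper (phar://, php://, file://, data:)
      - absolute paths
      - '..' segments that climb out of root
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # urlsplit() reports a scheme for "phar://..." and "data:..."; the explicit
    # "://" test also catches wrapper spellings urlsplit does not treat as a URL.
    if urlsplit(user_path).scheme or "://" in user_path:
        raise ValueError("scheme or stream wrapper not allowed")
    if user_path.startswith(("/", "\\")) or os.path.isabs(user_path):
        raise ValueError("absolute path not allowed")
    candidate = os.path.normpath(os.path.join(root, user_path))
    root_norm = os.path.normpath(root)
    # Compare against root + separator so "/var/www/media2" cannot pass as a child.
    if candidate != root_norm and not candidate.startswith(root_norm + os.sep):
        raise ValueError("path escapes media root")
    return candidate
```

A file name with a colon before any slash (for example `report:2026.png`) is rejected as a scheme; that is the conservative side of the trade-off. After the lexical check, an implementation that runs against a real tree should also `os.path.realpath()` the result and repeat the prefix test, so a symlink planted under the media root cannot point the delete or the image probe elsewhere.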
2026-04-20
2026-04-20 08:16Z
CRIT

CVE-2026-5964 — Digiwin Easyflow_.net: EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5964

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS v3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWE-89 · Vendor: Digiwin, Easyflow · Type: Vulnerability · Score 99
2026-04-20
2026-04-20 08:16Z
CRIT

CVE-2026-5963 — Digiwin Easyflow_.net: EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5963

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS v3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWE-89 · Vendor: Digiwin, Easyflow · Type: Vulnerability · Score 99
2026-04-20
2026-04-20 07:16Z
CRIT

CVE-2026-6644 — Asustor Data_master: A command injection vulnerability was found in the PPTP VPN Clients on the ADM.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6644

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and
CVSS v3.1 9.1 (CRITICAL) · EPSS 55th percentile

CWE-78 · Vendor: Asustor · Type: Vulnerability · Score 96
2026-04-20
2026-04-20 06:24Z
HIGH

AzureAD-Attack-Defense — This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Activ

GitHub · Azure / Entra tools · github.com · GITHUB POC

AzureAD-Attack-Defense is a comprehensive community-driven playbook documenting attack and defense scenarios against Microsoft Entra ID (Azure AD). The repository covers password spray, consent grant abuse, service principal exploitation in Azure DevOps, Entra Connect sync account abuse, PRT token replay, and adversary-in-the-middle phishing attacks, with detection rules and mitigation strategies mapped to the MITRE ATT&CK framework.

ATT&CK tactics: TA0001, TA0006, TA0008, TA0009 · Surface: Identity, Cloud · Vendor: Microsoft · Type: Research · Score 82
2026-04-20
2026-04-20 00:00Z
CRIT

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

Trend Micro Research · trendmicro.com · in the wild

Vercel suffered a supply-chain OAuth compromise originating from a Lumma Stealer malware infection at third-party vendor Context.ai in February 2026. Attackers leveraged stolen Google Workspace OAuth tokens to pivot into Vercel's internal systems and enumerate customer environment variables, exposing non-sensitive credentials stored unencrypted at rest. The incident demonstrates how OAuth trust relationships bypass perimeter defenses and how default-insecure environment variable models amplify blast radius across downstream services.

ATT&CK tactics: TA0001, TA0003, TA0004, TA0006, TA0007 · Surface: Cloud, Supply Chain · Vendor: Google · Score 88
2026-04-19
2026-04-19 18:52Z
HIGH

magnetar — An EDR-bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process pro

GitHub · EDR bypass / evasion · github.com · GITHUB POC

Magnetar is a Windows 10 64-bit shellcode loader framework designed to bypass EDR solutions through ETW/AMSI patching, direct syscalls via Tartarus Gate, process injection techniques (Early Bird APC, Process Hypnosis), PPID spoofing, and process protection mechanisms. The author intentionally removed the critical syscall obfuscation component from the public release due to its demonstrated effectiveness against Sophos EDR, requiring users to supply their own implementation.

Surface: OS · ATT&CK tactics: TA0002, TA0005 · OS: Windows · Type: Tool · Stage: Defense Evasion, Execution · EXP: Process Injection · Score 78
2026-04-18
2026-04-18 17:16Z
CRIT

CVE-2026-41242 — Protobufjs_project Protobufjs: In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41242

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
CVSS v3.1 9.8 (CRITICAL)

CWE-94 · Vendor: Protobufjs Project · Type: Vulnerability · Score 99
2026-04-18
2026-04-18 02:16Z
HIGH

CVE-2026-40487 — Gitroom Postiz: Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40487

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a Content-Type derived from their original extension (`text/html`, `image/svg+xml`), enabling Stored Cross-Site Scripting (XSS) in the context of the application's origin. This can le
CVSS v3.1 8.9 (HIGH)

CWE-434, CWE-345, CWE-79 · Vendor: Gitroom, Postiz · Type: Vulnerability · Score 95
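Added example, not Postiz's code: an upload check in Python that treats the client's `Content-Type` as untrusted and decides from an extension allowlist plus the file's leading bytes, together with the headers for serving the stored file under a server-chosen type. The allowlist, the file-name rule and the sample SVG payload are assumptions made for the example.

```python
import re
from typing import Dict

# Assumed allowlist for the example: extension -> (served MIME type, magic prefix).
# Active content (html, svg, xhtml) is simply absent from it.
ALLOWED = {
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    "gif": ("image/gif", b"GIF8"),
    "webp": ("image/webp", b"RIFF"),
}
# Stem must be a plain token: no separators, no traversal, no double extension.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, declared_type: str, data: bytes) -> dict:
    """Decide whether to store an upload.

    The client's Content-Type never decides anything (it is trivially spoofed);
    the extension allowlist and the leading bytes do.
    """
    if "." not in filename:
        return {"ok": False, "reason": "no extension"}
    stem, ext = filename.rsplit(".", 1)
    ext = ext.lower()
    if ext not in ALLOWED:
        return {"ok": False, "reason": f".{ext} is not an allowed type"}
    if not SAFE_STEM.match(stem):
        return {"ok": False, "reason": "unsafe file name"}
    mime, magic = ALLOWED[ext]
    if not data.startswith(magic) or (ext == "webp" and data[8:12] != b"WEBP"):
        return {"ok": False, "reason": "content does not match extension"}
    note = "" if declared_type == mime else f"client declared {declared_type}, ignored"
    return {"ok": True, "name": f"{stem}.{ext}", "mime": mime, "reason": note}


def response_headers(stored_name: str) -> Dict[str, str]:
    """Headers for serving a stored upload: type chosen server-side from the
    allowlist, browser sniffing disabled, and a CSP that keeps any script inert
    should a future allowlist change admit an active type."""
    ext = stored_name.rsplit(".", 1)[1].lower()
    return {
        "Content-Type": ALLOWED[ext][0],
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Content-Disposition": f'inline; filename="{stored_name}"',
    }
```

Serving user uploads from a separate origin (a dedicated media host) is the control that removes the stored-XSS impact entirely, since even a mis-typed file then runs outside the application's origin.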
2026-04-18
2026-04-18 02:16Z
HIGH

CVE-2026-35582 — Nsa Emissary: In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The IN_FILE_ENDING and OUT_FILE_ENDING configuration keys flow directly into these paths, allowing a place author who can write or modify a .cfg file to inject arbitrary shell metacharacters that execute OS co
CVSS v3.1 8.8 (HIGH) · EPSS 17th percentile

CWE-78, CWE-116 · Vendor: Nsa, Emissary · Type: Vulnerability · Score 94
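Added example, not Emissary's code: the same command built two ways in Python, a string handed to `/bin/sh -c` and an argv list with no shell, both run with a file ending that carries shell metacharacters, plus an allowlist check for the `*_FILE_ENDING` values before they reach a command line. The paths, the config values and the echo-based command are constructed for the example.

```python
import re
import subprocess
from typing import Dict, Tuple

# Constructed config values: the second smuggles shell metacharacters.
BENIGN_ENDING = ".out"
HOSTILE_ENDING = ".out; echo INJECTED"

# Allowlist for *_FILE_ENDING: a dot and a short alphanumeric suffix, nothing else.
ENDING_RE = re.compile(r"^\.[A-Za-z0-9]{1,16}$")


def run_vulnerable(in_path: str, out_path: str) -> str:
    """Interpolate paths into a string for `sh -c`: metacharacters become syntax."""
    cmd = f"echo converting {in_path} to {out_path}"
    return subprocess.run(["/bin/sh", "-c", cmd], capture_output=True,
                          text=True, check=False).stdout


def run_fixed(in_path: str, out_path: str) -> str:
    """Pass an argv list with no shell: each argument reaches the program verbatim."""
    return subprocess.run(["echo", "converting", in_path, "to", out_path],
                          capture_output=True, text=True, check=False).stdout


def build_paths(stem: str, in_ending: str, out_ending: str) -> Tuple[str, str]:
    """Validate configuration-supplied suffixes before they touch a command line."""
    for ending in (in_ending, out_ending):
        if not ENDING_RE.match(ending):
            raise ValueError(f"rejected file ending {ending!r}")
    return stem + in_ending, stem + out_ending


def demo() -> Dict[str, bool]:
    stem = "/tmp/emissary-work-123"
    in_path, out_path = build_paths(stem, ".in", BENIGN_ENDING)
    hostile_out = stem + HOSTILE_ENDING          # what an unvalidated .cfg would yield
    vuln_lines = run_vulnerable(in_path, hostile_out).splitlines()
    fixed_lines = run_fixed(in_path, hostile_out).splitlines()
    try:
        build_paths(stem, ".in", HOSTILE_ENDING)
        rejected = False
    except ValueError:
        rejected = True
    return {
        # sh split the string at ';' and ran the injected command as a second line.
        "vulnerable_ran_injection": "INJECTED" in vuln_lines,
        # With argv the whole hostile suffix is one literal argument.
        "fixed_kept_argument_literal": fixed_lines == [f"converting {in_path} to {hostile_out}"],
        # Benign config produces identical output either way; only the hostile case differs.
        "benign_output_identical": run_vulnerable(in_path, out_path) == run_fixed(in_path, out_path),
        "config_validation_rejected": rejected,
    }
```

When a shell really is required (redirections, pipelines), `shlex.quote()` on each interpolated value is the Python equivalent of the escaping the advisory says was missing; the argv form avoids the problem instead of escaping around it.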
2026-04-18
2026-04-18 02:11Z
HIGH

v3.8.0

Nuclei releases · github.com · GHSA-29rg-wmcw-hpf4 · GHSA-jm34-66cf-qpvr

Nuclei v3.8.0 released with two security fixes addressing sandbox escape vectors: the JS module now respects allow-local-file-access in require() calls, and template expressions are now restricted to template-authored code only. The release also includes 20+ bug fixes covering race conditions, path handling, and concurrent map writes across fuzzing, WebSocket, and HTTP modules.

Surface: Application · Vendor: Projectdiscovery · Type: Tool · Score 72
2026-04-18
2026-04-18 01:16Z
CRIT

CVE-2026-40572 — Minecanton209 Novumos: In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40572

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to
CVSS v3.1 9.0 (CRITICAL) · EPSS 4th percentile

CWE-269 · Vendor: Minecanton209, Novumos · Type: Vulnerability · Score 95
2026-04-18
2026-04-18 01:16Z
HIGH

CVE-2026-40350 — Leepeuker Movary: Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users`

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40350

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new administrator account. This happens because the route definitions do not enforce admin-only middleware, and the controller-level authorization check uses a broken boolean condition. As a result, any user with a valid web session cookie c
CVSS v3.1 8.8 (HIGH) · EPSS 14th percentile

CWE-863 · Vendor: Leepeuker, Movary · Type: Vulnerability · Score 94
2026-04-18
2026-04-18 01:16Z
CRIT

CVE-2026-40317 — Minecanton209 Novumos: In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40317

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitrary code in Ring 0 context, resulting in local privilege escalation. This issue has been fixed in version 0.24. If developers are unable to immediately update, they should restrict
CVSS v3.1 9.3 (CRITICAL) · EPSS 6th percentile

CWE-269, CWE-20 · Vendor: Minecanton209, Novumos · Type: Vulnerability · Score 97