CVE ID: CVE-2026-39399 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend…
CVE-2026-35589 – nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)
CVE ID: CVE-2026-35589 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability…
CVE-2026-35033 – Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection
CVE ID: CVE-2026-35033 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary…
CVE-2026-35032 – Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner
CVE ID: CVE-2026-35032 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain…
CVE-2026-35031 – Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain
CVE ID: CVE-2026-35031 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain…
CVE-2026-27681 – SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
CVE ID: CVE-2026-27681 | Published: April 14, 2026, 12:16 a.m. | 24 minutes ago | Description: Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user…
CVE-2026-22564 – “UniFi Play Improper Access Control SSH Enablement Vulnerability”
CVE ID: CVE-2026-22564 | Published: April 13, 2026, 10:16 p.m. | 2 hours, 23 minutes ago | Description: An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network…
CVE-2026-22563 – “UniFi Play PowerAmp and Audio Port Command Injection Vulnerability”
CVE ID: CVE-2026-22563 | Published: April 13, 2026, 10:16 p.m. | 2 hours, 23 minutes ago | Description: A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with…
CVE-2026-22562 – “Ubiquiti UniFi Play Path Traversal Remote Code Execution Vulnerability”
CVE ID: CVE-2026-22562 | Published: April 13, 2026, 10:16 p.m. | 2 hours, 23 minutes ago | Description: A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found…
CVE-2026-32272 – Craft Commerce: Blind SQL Injection via hasVariant/hasProduct
CVE ID: CVE-2026-32272 | Published: April 13, 2026, 9:16 p.m. | 3 hours, 23 minutes ago | Description: Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection…