CVE ID: CVE-2026-31845
Published: April 11, 2026, 7:16 p.m. | 5 hours, 23 minutes ago
Description: A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma…
CVE-2026-34621 – Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) (CWE-1321)
CVE ID: CVE-2026-34621
Published: April 11, 2026, 7:16 a.m. | 17 hours, 23 minutes ago
Description: Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype…
CVE-2026-5144 – BuddyPress Groupblog <= 1.9.3 – Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR
CVE ID: CVE-2026-5144
Published: April 11, 2026, 2:16 a.m. | 22 hours, 23 minutes ago
Description: The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and…
CVE-2026-5059 – aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
CVE ID: CVE-2026-5059
Published: April 11, 2026, 1:16 a.m. | 23 hours, 23 minutes ago
Description: aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary…
CVE-2026-5058 – aws-mcp-server Command Injection Remote Code Execution Vulnerability
CVE ID: CVE-2026-5058
Published: April 11, 2026, 1:16 a.m. | 23 hours, 23 minutes ago
Description: aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on…
CVE-2026-40189 – goshs has a file-based ACL authorization bypass in goshs state-changing routes
CVE ID: CVE-2026-40189
Published: April 10, 2026, 8:16 p.m. | 4 hours, 23 minutes ago
Description: goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth…
CVE-2026-40177 – Password bypass when 2FA is activated
CVE ID: CVE-2026-40177
Published: April 10, 2026, 8:16 p.m. | 4 hours, 23 minutes ago
Description: ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the…
CVE-2026-40175 – Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE ID: CVE-2026-40175
Published: April 10, 2026, 8:16 p.m. | 4 hours, 23 minutes ago
Description: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios…
CVE-2026-40168 – Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream
CVE ID: CVE-2026-40168
Published: April 10, 2026, 8:16 p.m. | 4 hours, 23 minutes ago
Description: Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to…
CVE-2026-33707 – Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms
CVE ID: CVE-2026-33707
Published: April 10, 2026, 7:16 p.m. | 5 hours, 23 minutes ago
Description: Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism…