18779 matches found
PT-2026-35174
Name of the Vulnerable Software and Affected Versions: BIVOCOM TR321 version 21.1.1.50. Description: A flaw in the Wireless Setting component allows for remote cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. This occurs through the...
CVE-2026-42856
creationtimestamp | type | source
---|---|---
2026-04-24 14:05:57+00:00 | published-proof-of-concept | https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-fj4g-2p96-q6m3...
GHSA-C799-4WW6-Q93W
creationtimestamp | type | source
---|---|---
2026-04-24 05:18:33+00:00 | published-proof-of-concept | Telegram/wieF1Cc87yTCfYHn4YFnWJ1bAgxO-EGJdmyMzATQMYWieSQ...
GHSA-JMJ9-2C4Q-849J
creationtimestamp | type | source
---|---|---
2026-04-24 05:18:33+00:00 | published-proof-of-concept | Telegram/wieF1Cc87yTCfYHn4YFnWJ1bAgxO-EGJdmyMzATQMYWieSQ...
CVE-2026-33208
creationtimestamp | type | source
---|---|---
2026-04-24 05:18:33+00:00 | published-proof-of-concept | Telegram/wieF1Cc87yTCfYHn4YFnWJ1bAgxO-EGJdmyMzATQMYWieSQ...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation: A fix was pushed into the master branch but not yet published. Referenc...
CVE-2026-40099
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
GHSA-V92G-XGXW-VVMM
creationtimestamp | type | source
---|---|---
2026-04-23 21:26:07+00:00 | published-proof-of-concept | Telegram/wY3PGk1V7kusFG8GbDK0g0CtGhXXIm9UsDC-frBku-7BiY...
GHSA-HC8W-H2MF-HP59
creationtimestamp | type | source
---|---|---
2026-04-23 21:25:36+00:00 | published-proof-of-concept | Telegram/tS2ffuiIBjg-jG5ou8TlrNJjBU2OGhcKfhZwclhyaQjdHg...
Improper Neutralization
Overview: Affected versions of this package are vulnerable to Improper Neutralization of inline in the BaseCookie.jsoutput function. An attacker can inject arbitrary script content by supplying specially crafted input containing HTML parser-sensitive sequences. Remediation: A fix was pushed into th...
RUSTSEC-2026-0108 `sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
Uncontrolled Recursion
Overview: org.webjars.npm:xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the endpoint process. An attacker can access sensitive information and cause a denial of service by sending a maliciously crafted request. Remediation: A fix was pushed into the master branch but not yet published...
GHSA-9C4Q-HQ6P-C237
creationtimestamp | type | source
---|---|---
2026-04-22 03:15:49+00:00 | published-proof-of-concept | Telegram/NIz4Hq2d69t6fRYm4ZcrXWZIskbJKFNbLYHbUSSyCcR9Mzg...
GHSA-GPH2-J4C9-VHHR
creationtimestamp | type | source
---|---|---
2026-04-21 23:30:36+00:00 | published-proof-of-concept | Telegram/ITN0hTjNGfPMK-REHkV5qJBsGo4t4-tf1bJT5aod5DHh0UQ...
GHSA-6RC6-P838-686F
creationtimestamp | type | source
---|---|---
2026-04-21 21:27:33+00:00 | published-proof-of-concept | Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE...
GHSA-HPXJ-9FGP-FHHF
creationtimestamp | type | source
---|---|---
2026-04-21 21:27:33+00:00 | published-proof-of-concept | Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE...
CVE-2026-40903
creationtimestamp | type | source
---|---|---
2026-04-21 21:27:33+00:00 | published-proof-of-concept | Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE...
CVE-2026-40614
creationtimestamp | type | source
---|---|---
2026-04-21 21:26:08+00:00 | published-proof-of-concept | Telegram/Sh-VDLwDsigv2TtmIHQb5bM9xL-0-hntwqefkM3TigDwq8o...
Use of a Broken or Risky Cryptographic Algorithm
Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...