CVE-2026-35581

creationtimestamp| type| source ---|---|--- 2026-04-07 19:33:54+00:00| seen| Telegram/2sVgvXJxKnqdd0t3ix7z2PFFoP4qMIqNMJ7HHwXtd94aJL4 2026-04-17 14:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mjp3vgyzwy2v...

CVE-2026-35523

creationtimestamp| type| source ---|---|--- 2026-04-07 19:33:43+00:00| seen| Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4 2026-04-19 00:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mjsnvavnyu26...

CVE-2026-25357

creationtimestamp| type| source ---|---|--- 2026-04-07 19:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3miwjbs7ga22h...

CVE-2026-29181

creationtimestamp| type| source ---|---|--- 2026-04-07 18:34:27+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-mh2q-q3fh-2475 2026-04-07 23:20:49+00:00| published-proof-of-concept|...

CVE-2026-39333

ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

GHSA-5F97-JGG4-GQWR

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:55+00:00| published-proof-of-concept| Telegram/ZjNX94OaGDygpp8THY2068PQ3qFjjnuznV-29wb7oU4kmRI...

GHSA-GRQ6-Q49F-44XH

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:55+00:00| published-proof-of-concept| Telegram/ZjNX94OaGDygpp8THY2068PQ3qFjjnuznV-29wb7oU4kmRI...

GHSA-HV3W-M4G2-5X77

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:48+00:00| seen| Telegram/t7opZ3s7Nl85xZs745vJOFh0FG2Whznv9BGbk6FzHivbIC0...

GHSA-XVMF-CFRQ-4J8F

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:27+00:00| seen| Telegram/yDDpU4nC0b44IAL16-yoyqmXwVbKF5D32H81GUjgS-e3jc...

GHSA-JVRJ-W5HQ-6CP2

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:14+00:00| published-proof-of-concept| Telegram/8eXn4QLj3W18AYc2pIsiDgfSWsuolTpz1YwE008yOgTXtw...

GHSA-V5HW-CV9C-RPG7

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:08+00:00| seen| Telegram/S0o7tCbZtDmnRvZjM5kXvvB9yXwoblxnXV5GlrmaLffoEZI...

GHSA-VMVW-QQ8W-WQHG

creationtimestamp| type| source ---|---|--- 2026-04-07 15:21:06+00:00| published-proof-of-concept| Telegram/QBh1FHyWJUCKYAyST3Bw6jIrLbUdJEHanO8DcWQylla0...

EUVD-2026-19657

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

CVE-2026-22679

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

CVE-2023-49092

creationtimestamp| type| source ---|---|--- 2026-04-07 11:43:13+00:00| seen| https://gist.github.com/soul2zimate/a5296bc917881b1c43c396b5caf75393...

CVE-2026-33227

creationtimestamp| type| source ---|---|--- 2026-04-07 10:07:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mivjticz7b2g...

CVE-2026-1839

creationtimestamp| type| source ---|---|--- 2026-04-07 06:05:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv4dqxdnj2i...

PT-2026-30957

ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18422)

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...