61251 matches found
PT-2026-33090
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...
GHSA-M7R8-6Q9J-M2HC WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS
Summary: The incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization. Affected Package - Ecosystem: Other - Package: AVideo - Affected...
WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters
Summary: The directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parse_url($url, PHP_URL_PATH) for .. sequences. However, the downstream function trygetcontentsfromlocal in objects/functionsFile.php uses...
CVE-2026-34160

creationtimestamp| type| source
---|---|---
2026-04-14 23:21:52+00:00| seen| Telegram/jHpVmdM968c9lFQ4KStSRALTqvtLmQ8NC1zLLnKyLbbys0E
2026-04-15 14:09:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjk347by7p2w
2026-04-29 22:02:37+00:00| seen|...

CVE-2026-40683

creationtimestamp| type| source
---|---|---
2026-04-14 20:19:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mji7bvc7ln27
2026-04-14 21:25:42+00:00| published-proof-of-concept| Telegram/YBv3RW-vRVGMDDlTI6JsAJBRTWorFJbZdjQQujfRdi3MBhU...

CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...
CVE-2026-5983
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The...
EUVD-2026-22593
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally...
CVE-2026-4913

creationtimestamp| type| source
---|---|---
2026-04-14 18:27:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhyzpl32h2x
2026-04-15 13:55:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjk2cdepzo2r
2026-04-15 14:45:22+00:00| seen|...

CVE-2026-34629

creationtimestamp| type| source
---|---|---
2026-04-14 18:21:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhypoe3v227
2026-04-14 20:17:19+00:00| seen| Telegram/l9bSu4t-Z8RXv5R9-n5DGKDhjKFYmQA28Cy4bVCP0NEotQk
2026-04-14 20:17:42+00:00| seen|...

CVE-2026-34628

creationtimestamp| type| source
---|---|---
2026-04-14 18:21:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhyphhnwm2h
2026-04-14 20:17:19+00:00| seen| Telegram/l9bSu4t-Z8RXv5R9-n5DGKDhjKFYmQA28Cy4bVCP0NEotQk
2026-04-14 20:23:38+00:00| seen|...

CVE-2026-34614
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2026-32212
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally...
CVE-2026-37601

creationtimestamp| type| source
---|---|---
2026-04-14 17:52:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhx44uxzz2t...

CVE-2026-2400

creationtimestamp| type| source
---|---|---
2026-04-14 17:47:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhwsqvbmg2z...

CVE-2026-37595

creationtimestamp| type| source
---|---|---
2026-04-14 17:43:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhwkr7uwb2z...

CVE-2026-37594

creationtimestamp| type| source
---|---|---
2026-04-14 17:37:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhwamgi262t...

CVE-2026-37597

creationtimestamp| type| source
---|---|---
2026-04-14 17:35:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhw5mleb42x...

CVE-2026-34617 Adobe Connect | Cross-site Scripting (XSS) (CWE-79)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or contr...
CVE-2026-21331
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...