Latest CVEs

CVE-2026-35535 - Sudo Privilege Escalation Vulnerability
Published: Fri, 03 Apr 2026 02:21:33 +0000
CVE ID: CVE-2026-35535
Description: In Sudo through 1.9.17p2 before commit 3e474c2, a failure of a setuid, setgid, or setgroups call during the privilege drop performed before running the mailer is not treated as a fatal error and can lead to privilege escalation.
Severity: 7.4 | HIGH
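The failure mode in the Sudo entry above, as an added example that is not sudo's code: a privilege drop that treats a failed setgroups/setgid/setuid as non-fatal, beside one that fails closed and re-checks the resulting ids. The calls go through an `ops` object so a failure can be simulated without root; `FakeOps`, `NOBODY` and the function names are this example's own assumptions. Passing `ops=os` runs the real system calls.

```python
"""Added example (not sudo's code): non-fatal vs. fail-closed privilege drop.

`FakeOps` simulates a setuid-root process so a failing call can be injected;
the uid/gid 65534 ("nobody" on Debian) is an assumed value for the demo."""
import os
from dataclasses import dataclass, field

NOBODY = 65534


def drop_privileges_lenient(uid, gid, ops=os):
    """Vulnerable pattern: every failure is swallowed, and the caller goes on
    (in sudo's case, to run the mailer) as if the drop had happened."""
    for call, arg in ((ops.setgroups, []), (ops.setgid, gid), (ops.setuid, uid)):
        try:
            call(arg)
        except OSError:
            pass                       # non-fatal: this is the bug
    return True                        # reports success regardless


def drop_privileges_strict(uid, gid, ops=os):
    """Hardened pattern: any failure propagates (the caller must abort), and
    the ids are re-read so a partial drop is refused as well."""
    ops.setgroups([])                  # supplementary groups first,
    ops.setgid(gid)                    # then gid, then uid: once uid is not
    ops.setuid(uid)                    # 0, the other two calls would fail
    if (ops.getuid(), ops.geteuid()) != (uid, uid):
        raise RuntimeError("uid not dropped")
    if (ops.getgid(), ops.getegid()) != (gid, gid):
        raise RuntimeError("gid not dropped")
    if [g for g in ops.getgroups() if g != gid]:
        raise RuntimeError("supplementary groups not cleared")
    return True


@dataclass
class FakeOps:
    """Simulates a root process; calls named in `fail` raise EPERM."""
    fail: frozenset = frozenset()
    uid: int = 0
    gid: int = 0
    groups: list = field(default_factory=lambda: [0])

    def _check(self, name):
        if name in self.fail:
            raise PermissionError(f"{name}: operation not permitted (simulated)")

    def setgroups(self, groups):
        self._check("setgroups")
        self.groups = list(groups)

    def setgid(self, gid):
        self._check("setgid")
        self.gid = gid

    def setuid(self, uid):
        self._check("setuid")
        self.uid = uid

    def getuid(self):
        return self.uid

    def geteuid(self):
        return self.uid

    def getgid(self):
        return self.gid

    def getegid(self):
        return self.gid

    def getgroups(self):
        return list(self.groups)


def mailer_runs_privileged(drop, failing_call=None):
    """Run `drop` in a simulated root process where `failing_call` fails and
    report whether the caller would proceed while still holding root
    (uid 0, gid 0 or group 0): the escalation the advisory describes."""
    ops = FakeOps(fail=frozenset({failing_call} if failing_call else ()))
    try:
        proceeded = drop(NOBODY, NOBODY, ops)
    except (OSError, RuntimeError):
        return False                   # drop aborted: nothing runs as root
    still_root = ops.getuid() == 0 or ops.getgid() == 0 or 0 in ops.getgroups()
    return bool(proceeded and still_root)


if __name__ == "__main__":
    for call in ("setgroups", "setgid", "setuid"):
        print(f"{call} fails -> lenient proceeds as root:",
              mailer_runs_privileged(drop_privileges_lenient, call),
              "| strict:", mailer_runs_privileged(drop_privileges_strict, call))
```

The order (groups, gid, uid) matters: after `setuid` to a non-root uid, the process can no longer change its gid or supplementary groups, so a drop that does uid first fails partway in exactly the way the lenient version hides.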

CVE-2026-35508 - Shynet XSS Vulnerability in urldisplay and iconify Template Filters
Published: Fri, 03 Apr 2026 02:16:15 +0000
CVE ID: CVE-2026-35508
Description: Shynet before 0.14.0 allows XSS in the urldisplay and iconify template filters.
Severity: 5.4 | MEDIUM

CVE-2026-35507 - Shynet Host Header Injection Vulnerability
Published: Fri, 03 Apr 2026 02:16:15 +0000
CVE ID: CVE-2026-35507
Description: Shynet before 0.14.0 allows Host header injection in the password reset flow.
Severity: 6.4 | MEDIUM
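The Host header injection class in the Shynet entry above, as an added example that is not Shynet's code: a password reset link built from the request's Host header beside one built from a configured canonical origin. Shynet is a Django app; here a plain dict stands in for the request headers so the code runs on its own. `SITE_URL`, `ALLOWED_HOSTS`, the token and the reset path are constructed for this example, not taken from the project.

```python
"""Added example (not Shynet's code): reset links and the Host header."""
from urllib.parse import urlunsplit

SITE_URL = "https://analytics.example"          # assumed canonical origin
ALLOWED_HOSTS = {"analytics.example"}           # assumed deployment setting


def host_without_port(host):
    """'analytics.example:8443' -> 'analytics.example'; a bracketed IPv6
    literal keeps its brackets."""
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.rsplit(":", 1)[0]


def reset_link_from_request(headers, token):
    """Vulnerable pattern: the link's host is whatever the client sent.  An
    attacker requests a reset for the victim's address with a forged Host
    (or X-Forwarded-Host); the victim receives a genuine token inside a
    link to the attacker's domain, and one click delivers it there."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return urlunsplit(("https", host, f"/reset/{token}/", "", ""))


def reset_link_canonical(headers, token):
    """Hardened: the request's Host is only validated against the allow-list
    (the request is refused otherwise); the link never depends on it."""
    host = headers.get("Host", "")
    if host_without_port(host) not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    return f"{SITE_URL}/reset/{token}/"


if __name__ == "__main__":
    forged = {"Host": "attacker.example"}        # constructed request
    print("vulnerable:", reset_link_from_request(forged, "t0k3n"))
    try:
        reset_link_canonical(forged, "t0k3n")
    except ValueError as exc:
        print("hardened refused:", exc)
```

In Django terms, `request.get_host()` raises `DisallowedHost` for anything outside `ALLOWED_HOSTS`, but `request.META['HTTP_HOST']` does not, and honouring `X-Forwarded-Host` is only safe when `USE_X_FORWARDED_HOST` is set deliberately behind a proxy that overwrites it.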

CVE-2026-28815 - Apple Swift-Crypto Out-of-Bounds Read
Published: Fri, 03 Apr 2026 01:32:28 +0000
CVE ID: CVE-2026-28815
Description: A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
Severity: NA (no CVSS score published)

CVE-2026-33107 - Azure Databricks Elevation of Privilege Vulnerability
Published: Fri, 03 Apr 2026 00:16:05 +0000
CVE ID: CVE-2026-33107
Description: Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL

CVE-2026-33105 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Published: Fri, 03 Apr 2026 00:16:05 +0000
CVE ID: CVE-2026-33105
Description: Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL

CVE-2026-32213 - Azure AI Foundry Elevation of Privilege Vulnerability
Published: Fri, 03 Apr 2026 00:16:04 +0000
CVE ID: CVE-2026-32213
Description: Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL

CVE-2026-32211 - Azure MCP Server Information Disclosure Vulnerability
Published: Fri, 03 Apr 2026 00:16:04 +0000
CVE ID: CVE-2026-32211
Description: Missing authentication for a critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
Severity: 9.1 | CRITICAL

CVE-2026-32173 - Azure SRE Agent Information Disclosure Vulnerability
Published: Fri, 03 Apr 2026 00:16:04 +0000
CVE ID: CVE-2026-32173
Description: Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
Severity: 8.6 | HIGH

CVE-2026-26135 - Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Published: Fri, 03 Apr 2026 00:16:04 +0000
CVE ID: CVE-2026-26135
Description: Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
Severity: 9.6 | CRITICAL

CVE-2022-4986 - Hirschmann EagleSDV Denial of Service via TLS
Published: Thu, 02 Apr 2026 22:16:23 +0000
CVE ID: CVE-2022-4986
Description: Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.
Severity: 8.7 | HIGH

CVE-2026-35467 - Private Key Stored as Extractable in Browser IndexedDB
Published: Thu, 02 Apr 2026 21:16:40 +0000
CVE ID: CVE-2026-35467
Description: The API keys stored by the temporary browser client are not marked as protected, so the JavaScript console or other errors can be used to extract the encryption credentials.
Severity: NA (no CVSS score published)

CVE-2026-35466 - Stored XSS via unsanitized input from remote service
Published: Thu, 02 Apr 2026 21:16:40 +0000
CVE ID: CVE-2026-35466
Description: An XSS vulnerability in cveInterface.js allows injected HTML to be passed through to the display, because cveInterface trusts input from CVE API services.
Severity: NA (no CVSS score published)

CVE-2026-30252 - Interzen Consulting S.r.l ZenShare Suite Cross-Site Scripting (XSS)
Published: Thu, 02 Apr 2026 21:16:40 +0000
CVE ID: CVE-2026-30252
Description: Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allow attackers to execute arbitrary JavaScript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters.
Severity: NA (no CVSS score published)

CVE-2026-30251 - Interzen Consulting S.r.l ZenShare Suite Reflected Cross-Site Scripting (XSS)
Published: Thu, 02 Apr 2026 21:16:40 +0000
CVE ID: CVE-2026-30251
Description: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.
Severity: NA (no CVSS score published)

CVE-2025-15620 - HiOS Switch Platform Denial-of-Service via Web Interface
Published: Thu, 02 Apr 2026 21:16:40 +0000
CVE ID: CVE-2025-15620
Description: HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot through crafted HTTP requests to cause service disruption and unavailability of the switch.
Severity: 9.3 | CRITICAL

CVE-2024-14033 - Hirschmann HiLCOS Web Interface Heap Overflow Denial of Service
Published: Thu, 02 Apr 2026 21:16:39 +0000
CVE ID: CVE-2024-14033
Description: Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.
Severity: 8.7 | HIGH

CVE-2026-5420 - Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key
Published: Thu, 02 Apr 2026 20:16:29 +0000
CVE ID: CVE-2026-5420
Description: A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Manipulation of the argument AES_IV/AES_PASSWORD results in use of a hard-coded cryptographic key. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.5 | LOW

CVE-2026-35383 - Bentley Systems iTwin Platform exposed access token
Published: Thu, 02 Apr 2026 20:16:29 +0000
CVE ID: CVE-2026-35383
Description: Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete assets.
Severity: 6.5 | MEDIUM

CVE-2026-35053 - OneUptime: Unauthenticated Workflow Execution via ManualAPI
Published: Thu, 02 Apr 2026 20:16:29 +0000
CVE ID: CVE-2026-35053
Description: OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. This issue has been patched in version 10.0.42.
Severity: 9.2 | CRITICAL

CVE-2026-34932 - hoppscotch: Stored XSS via mock server responses on backend origin
Published: Thu, 02 Apr 2026 20:16:28 +0000
CVE ID: CVE-2026-34932
Description: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.
Severity: 8.5 | HIGH

CVE-2026-34931 - hoppscotch: Improper loopback redirect_uri validation in device-login flow
Published: Thu, 02 Apr 2026 20:16:28 +0000
CVE ID: CVE-2026-34931
Description: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to take over their account. This issue has been patched in version 2026.3.0.
Severity: 8.5 | HIGH

CVE-2026-34848 - hoppscotch: Stored XSS in team member overflow tooltip via display name
Published: Thu, 02 Apr 2026 20:16:28 +0000
CVE ID: CVE-2026-34848
Description: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow tooltip via display name. This issue has been patched in version 2026.3.0.
Severity: 5.4 | MEDIUM

CVE-2026-34847 - hoppscotch: Open redirect via `/enter?redirect=`
Published: Thu, 02 Apr 2026 20:16:28 +0000
CVE ID: CVE-2026-34847
Description: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in version 2026.3.0.
Severity: 4.7 | MEDIUM
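The two redirect checks from the hoppscotch entries above (the DOM-based open redirect via `/enter?redirect=` and the loopback `redirect_uri` validation in the device-login flow), as one added example that is not hoppscotch's code. The page does not describe the checks hoppscotch itself applies; the rules below are the ones these bug classes generally need, and they go a little beyond the two entries by covering the usual bypass shapes (scheme-relative URLs, backslashes, userinfo tricks, look-alike hostnames). `APP_ORIGIN`, the function names and the sample inputs are constructed for this example.

```python
"""Added example (not hoppscotch's code): same-origin redirects and
loopback redirect_uri validation."""
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit, urlunsplit

APP_ORIGIN = "https://app.example"      # assumed origin of the application


def safe_local_redirect(redirect, app_origin=APP_ORIGIN):
    """Return a path (plus query) on app_origin, or '/' if `redirect` would
    send the user anywhere else.  Allow-listing a local path is stricter
    than deny-listing hosts: anything with a scheme or authority is refused."""
    if not redirect or "\\" in redirect or any(ord(c) < 0x20 for c in redirect):
        return "/"                      # browsers read '/\\evil' as '//evil'
    parts = urlsplit(redirect)
    if parts.scheme or parts.netloc:
        return "/"                      # 'https://evil', '//evil', 'javascript:'
    if not redirect.startswith("/") or redirect.startswith("//"):
        return "/"                      # relative paths and '///evil'
    resolved = urlsplit(urljoin(app_origin, redirect))
    origin = urlsplit(app_origin)
    if (resolved.scheme, resolved.netloc) != (origin.scheme, origin.netloc):
        return "/"                      # belt and braces: still on our origin
    return urlunsplit(("", "", resolved.path, resolved.query, ""))


def is_loopback_redirect_uri(redirect_uri):
    """Accept http(s)://127.0.0.0/8, [::1] or localhost with any port and path
    (RFC 8252 section 7.3: the client cannot know its port in advance).  The
    host must *be* a loopback address, not merely start with one:
    '127.0.0.1.attacker.example' passes a prefix check and sends the
    device-login token to the attacker."""
    try:
        parts = urlsplit(redirect_uri)
        host = parts.hostname           # lower-cased, brackets stripped
        _ = parts.port                  # raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False                    # 'http://127.0.0.1@attacker.example/'
    if host == "localhost":             # RFC 8252 section 8.3 discourages
        return True                     # this name: DNS may point elsewhere
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False                    # a DNS name other than localhost


if __name__ == "__main__":
    for r in ("/dashboard?tab=1", "//evil.example/", "/\\evil.example", "javascript:alert(1)"):
        print(f"redirect={r!r:28} -> {safe_local_redirect(r)!r}")
    for u in ("http://127.0.0.1:51234/cb", "http://127.0.0.1.attacker.example/cb",
              "http://127.0.0.1@attacker.example/cb"):
        print(f"{u:44} loopback={is_loopback_redirect_uri(u)}")
```

`safe_local_redirect` returns a path rather than a full URL on purpose: the caller redirects to `app_origin + path`, so even a bug in this function cannot produce a cross-origin destination without also changing the constant.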

CVE-2026-34840 - OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification
Published: Thu, 02 Apr 2026 20:16:28 +0000
CVE ID: CVE-2026-34840
Description: OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. This issue has been patched in version 10.0.42.
Severity: 8.1 | HIGH
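The decoupling described in the OneUptime SSO entry above, as an added example that is not OneUptime's code: a service provider that answers "is there a valid signature?" separately from "which assertion do I read the identity from?", beside one that reads the identity only from the element that actually verified and rejects any extra assertion. XML-DSig and xml-crypto are replaced by a stand-in, an HMAC-SHA256 over the assertion bytes with the Signature element removed, keyed with `IDP_KEY`; the key, the element IDs, the e-mail addresses and all function names are constructed for this example.

```python
"""Added example (not OneUptime's code): signed-assertion binding in SAML.

HMAC over the serialized assertion stands in for XML-DSig; IDP_KEY stands in
for the IdP's signing key.  Everything here is constructed for the demo."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
IDP_KEY = b"example-idp-signing-key"
for prefix, uri in (("samlp", SAMLP), ("saml", SAML), ("ds", DS)):
    ET.register_namespace(prefix, uri)   # keeps serialization stable


def _canonical_bytes(assertion):
    """Serialize a copy of the assertion with its Signature removed
    (a simplified enveloped-signature transform)."""
    copy = ET.fromstring(ET.tostring(assertion))
    for sig in copy.findall(f"{{{DS}}}Signature"):
        copy.remove(sig)
    copy.tail = None
    return ET.tostring(copy)


# --- identity provider side --------------------------------------------------
def make_assertion(assertion_id, email):
    a = ET.Element(f"{{{SAML}}}Assertion", ID=assertion_id)
    subject = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = email
    return a


def sign_assertion(assertion):
    """Append an enveloped Signature whose Reference names the assertion."""
    mac = hmac.new(IDP_KEY, _canonical_bytes(assertion), hashlib.sha256).hexdigest()
    sig = ET.SubElement(assertion, f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(info, f"{{{DS}}}Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = mac
    return assertion


def build_response(assertions):
    """Serialize a Response holding the assertions in order.  The response
    travels through the user's browser, so an attacker can prepend an
    unsigned assertion of their own before it reaches the SP."""
    root = ET.Element(f"{{{SAMLP}}}Response")
    root.extend(assertions)
    return ET.tostring(root)


# --- service provider side ---------------------------------------------------
def verified_assertion(response_xml):
    """Return the Assertion element whose enveloped signature verifies, else
    None.  The Reference URI decides which element is covered, and the
    Signature must sit inside that element."""
    root = ET.fromstring(response_xml)
    sig = root.find(f".//{{{DS}}}Signature")
    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference") if sig is not None else None
    uri = ref.get("URI", "") if ref is not None else ""
    if not uri.startswith("#"):
        return None
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        if assertion.get("ID") == uri[1:] and sig in list(assertion):
            expected = hmac.new(IDP_KEY, _canonical_bytes(assertion), hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, sig.findtext(f"{{{DS}}}SignatureValue") or ""):
                return assertion
    return None


def name_id(assertion):
    return assertion.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")


def login_vulnerable(response_xml):
    """Decoupled checks: a yes/no signature result, then the identity from
    assertion[0], whichever element that happens to be."""
    if verified_assertion(response_xml) is None:
        return None
    root = ET.fromstring(response_xml)
    return name_id(root.findall(f"{{{SAML}}}Assertion")[0])


def login_fixed(response_xml):
    """The identity comes from the verified element itself, and a response
    carrying more than one assertion is rejected outright."""
    root = ET.fromstring(response_xml)
    if len(root.findall(f"{{{SAML}}}Assertion")) != 1:
        return None
    target = verified_assertion(response_xml)
    return name_id(target) if target is not None else None


if __name__ == "__main__":
    good = sign_assertion(make_assertion("_good", "victim@corp.example"))
    forged = build_response([make_assertion("_evil", "attacker@corp.example"), good])
    print("vulnerable logs in:", login_vulnerable(forged))
    print("fixed logs in:     ", login_fixed(forged))
```

The general rule the fixed path follows: the verification routine must return the element it verified (or its canonical bytes), and every attribute the application consumes, NameID, groups, conditions, audience, comes from that object and nothing else in the document.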