News & Sicurezza

CVE ID :CVE-2026-35047 Published : April 6, 2026, 5:25 p.m. | 30 minutes ago Description :Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35046 Published : April 6, 2026, 5:20 p.m. | 35 minutes ago Description :Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean() sanitizer explicitly whitelists the tag, causing the backend to persist and serve unsanitized CSS payloads via the API. Any client consuming instructions_markdown from the API and rendering it as HTML without additional sanitization will execute attacker-controlled CSS — enabling UI redressing, phishing overlays, visual defacement, and CSS-based data exfiltration. This vulnerability is fixed in 2.6.4. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35045 Published : April 6, 2026, 5:17 p.m. | 37 minutes ago Description :Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by other users. This bypasses all object-level authorization checks enforced on standard single-recipe endpoints (PUT /api/recipe/{id}/), enabling forced exposure of private recipes, unauthorized self-grant of access via the shared list, and metadata tampering. This vulnerability is fixed in 2.6.4. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

CVE ID :CVE-2026-5670 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5668 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35039 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35042 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35037 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML tag extraction This vulnerability is fixed in 4.2.8. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-34989 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name (e.g., full name / username). An attacker can inject a malicious JavaScript payload into their profile name, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This vulnerability is fixed in 31.0.0.0. Severity: 9.4 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-34992 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35029 Published : April 6, 2026, 5:17 p.m. | 38 minutes ago Description :LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...