{"sector":{"id":"finance","name":"Finance & Banking","sector":"financial-services","description":"Retail and corporate banking, payment processors, card networks, and fintech.\nOptimised for threats touching the payment rails, online banking and core\nbanking systems.","visibility":"public"},"top_24h":[{"id":"3c8f8c4e-3e8d-4414-a88a-44f743a92733","threat_type":"cve","title":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticate","summary":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.","severity":"critical","cvss_score":10.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T16:16:18.360000Z","last_modified_at":"2026-05-05T19:46:44.895742Z","external_id":"CVE-2026-7411","description":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. 
This can lead to Remote Code Execution (RCE) and complete system compromise.","affected_products":[],"references":["https://gitlab.eclipse.org/security/cve-assignment/-/issues/102","https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423"],"sources":["nvd"],"score":65.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":10.0,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":65,"final_score":65.0},"calculated_at":"2026-05-06T02:00:15.515359Z"},{"id":"83f1048d-29c7-4635-b012-e3bee2bfb6bf","threat_type":"cve","title":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmr","summary":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. 
Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation.\n\nAn attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-05T22:16:00.520000Z","last_modified_at":"2026-05-05T22:49:38.059873Z","external_id":"CVE-2026-40075","description":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation.\n\nAn attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. 
Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.","affected_products":[],"references":["https://github.com/openmrs/openmrs-core/security/advisories/GHSA-jjgj-cx3q-pw4w"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Tomcat"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:16.356081Z"},{"id":"8747cd08-0545-4a69-960d-e0bafb485278","threat_type":"cve","title":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vuln","summary":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. 
An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. This issue has been fixed in version 1.7.1.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-05T20:16:36.317000Z","last_modified_at":"2026-05-05T20:47:40.316371Z","external_id":"CVE-2026-33324","description":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. 
This issue has been fixed in version 1.7.1.","affected_products":[],"references":["https://github.com/dataease/SQLBot/security/advisories/GHSA-q2q6-gqqh-4xrx"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["PostgreSQL"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:16.039787Z"},{"id":"14ec7f38-462e-4d09-b598-e85a3be6f8cf","threat_type":"cve","title":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of deleg","summary":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. 
This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).","severity":"high","cvss_score":8.6,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T16:16:18.480000Z","last_modified_at":"2026-05-05T19:46:44.918923Z","external_id":"CVE-2026-7412","description":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).","affected_products":[],"references":["https://gitlab.eclipse.org/security/cve-assignment/-/issues/103","https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423"],"sources":["nvd"],"score":45.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":8.6,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":45,"final_score":45.0},"calculated_at":"2026-05-06T02:00:15.564111Z"},{"id":"e478ff62-dbbd-491f-8ebe-6248ab8f7055","threat_type":"cve","title":"The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escap","summary":"The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","severity":"high","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T10:16:18.903000Z","last_modified_at":"2026-05-06T14:04:51.638970Z","external_id":"CVE-2026-1719","description":"The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the 
database.","affected_products":[],"references":["https://gravitybooking.com/","https://www.wordfence.com/threat-intel/vulnerabilities/id/ce032abe-ee9d-4be1-ac97-5fa95d598e85?source=cve"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.5,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T14:04:56.047935Z"},{"id":"f5ca24a5-761c-4767-81b0-a44a82633d50","threat_type":"cve","title":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_n","summary":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","severity":"high","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T08:16:04.230000Z","last_modified_at":"2026-05-06T14:04:51.594543Z","external_id":"CVE-2026-7448","description":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","affected_products":[],"references":["https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/controllers/activities_controller.php#L270","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/helpers/email_helper.php#L50","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/helpers/replacer_helper.php#L276","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/models/customer_model.php#L376","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/controllers/activities_controller.php#L270","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/email_helper.php#L50","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/replacer_helper.php#L276","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/models/customer_model.php#L376","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/activities_controller.php#L270","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/email_helper.php#L50","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/replacer_helper.php#L276","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/models/customer_model.php#L376","https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3522933%40latepoint%2Ftrunk&old=3516282%40latepoint%2Ftrunk&sfp_email=&sfph_mail=","https://www.wordfence.com/threat-intel/vulnerabilities/id/c8eedec9-d8d4-4052-baec-29f83ac306ac?source=cve"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-79"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.2,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T14:04:56.043784Z"},{"id":"7dfec3c4-23f4-4403-bf5c-d95cd65a1f93","threat_type":"cve","title":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking","summary":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
The malicious activity log entry is written to the database even when Stripe is not configured, because the latepoint_order_intent_created action hook fires before the Stripe Connect account ID is validated, meaning a fully functional Stripe integration is not required for exploitation.","severity":"high","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T08:16:04.090000Z","last_modified_at":"2026-05-06T14:04:51.574691Z","external_id":"CVE-2026-7332","description":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The malicious activity log entry is written to the database even when Stripe is not configured, because the latepoint_order_intent_created action hook fires before the Stripe Connect account ID is validated, meaning a fully functional Stripe integration is not required for 
exploitation.","affected_products":[],"references":["https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.1/lib/controllers/activities_controller.php#L214","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.1/lib/controllers/stripe_connect_controller.php#L260","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.1/lib/helpers/activities_helper.php#L83","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/controllers/activities_controller.php#L214","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/controllers/stripe_connect_controller.php#L260","https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/activities_helper.php#L83","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/activities_controller.php#L214","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L260","https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/activities_helper.php#L83","https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3522933%40latepoint%2Ftrunk&old=3516282%40latepoint%2Ftrunk&sfp_email=&sfph_mail=","https://www.wordfence.com/threat-intel/vulnerabilities/id/c03ddcf0-6955-4645-b311-c3833ca61455?source=cve"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-79"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.2,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T14:04:56.025564Z"},{"id":"e7abeea8-c2f3-41a1-be26-eef6839afb8a","threat_type":"cve","title":"In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attack","summary":"In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When \"UseReverseDNS on\" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. The character restrictions of DNS names may affect exploitability.","severity":"high","cvss_score":8.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T20:16:39.680000Z","last_modified_at":"2026-05-05T20:47:40.773256Z","external_id":"CVE-2026-44331","description":"In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When \"UseReverseDNS on\" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. 
The character restrictions of DNS names may affect exploitability.","affected_products":[],"references":["https://github.com/proftpd/proftpd/commit/766622456440fbca33abd7927c523673a11d1ed1","https://github.com/proftpd/proftpd/issues/2057"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":8.1,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:16.223257Z"},{"id":"baa220cf-8f89-4f83-be0a-a124fecb3295","threat_type":"cve","title":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a priv","summary":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. 
As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T19:16:21.380000Z","last_modified_at":"2026-05-05T19:46:45.181090Z","external_id":"CVE-2026-27960","description":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.","affected_products":[],"references":["https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-287"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:15.955429Z"},{"id":"78e11655-d312-4b18-9dc5-8854d460dfbc","threat_type":"cve","title":"A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. 
This can lead to Agent 2 connecting to an at","summary":"A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-06T08:16:02.940000Z","last_modified_at":"2026-05-06T08:59:38.455880Z","external_id":"CVE-2026-23927","description":"A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.","affected_products":[],"references":["https://support.zabbix.com/browse/ZBX-27759"],"sources":["nvd"],"score":30.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Oracle Database"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":30,"final_score":30.0},"calculated_at":"2026-05-06T08:59:38.759898Z"}],"top_7d":[{"id":"0da69b0c-abe3-484a-af6c-cc3bd2432dc7","threat_type":"cve","title":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to g","summary":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain 
unauthorized access to the control panel.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd","kev","actively-exploited","ransomware"],"published_at":"2026-04-29T22:17:34.339369Z","last_modified_at":"2026-05-06T09:22:37.673955Z","external_id":"CVE-2026-41940","description":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","affected_products":["cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*","cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:wordpress:*:*"],"references":["https://docs.cpanel.net/release-notes/release-notes","https://docs.wpsquared.com/changelogs/versions/changelog/#13617","https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026","https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026","https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow","https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/","https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/","https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"],"sources":["nvd","cisa_kev"],"score":75.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":true,"points":25},"actively_exploited":{"hit":true,"points":15},"ransomware":{"hit":true,"points":15},"multi_source":{"hit":true,"source_count":2,"points":5},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":75,"final_score":75.0},"calculated_at":"2026-05-06T09:23:13.847127Z"},{"id":"3c8f8c4e-3e8d-4414-a88a-44f743a92733","threat_type":"cve","title":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticate","summary":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.","severity":"critical","cvss_score":10.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T16:16:18.360000Z","last_modified_at":"2026-05-05T19:46:44.895742Z","external_id":"CVE-2026-7411","description":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. 
This can lead to Remote Code Execution (RCE) and complete system compromise.","affected_products":[],"references":["https://gitlab.eclipse.org/security/cve-assignment/-/issues/102","https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423"],"sources":["nvd"],"score":65.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":10.0,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":65,"final_score":65.0},"calculated_at":"2026-05-06T02:00:15.515359Z"},{"id":"ad4209e2-ffa5-48d9-9979-98b819c23e42","threat_type":"cve","title":"A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFi","summary":"A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.","severity":"high","cvss_score":7.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-04T00:16:39.633000Z","last_modified_at":"2026-05-05T19:46:41.230262Z","external_id":"CVE-2026-7710","description":"A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","affected_products":[],"references":["https://github.com/9str0IL/CVE/issues/5","https://vuldb.com/submit/806493","https://vuldb.com/vuln/360886","https://vuldb.com/vuln/360886/cti"],"sources":["nvd"],"score":65.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-287"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.3,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":65,"final_score":65.0},"calculated_at":"2026-05-06T02:00:12.512356Z"},{"id":"dced2fb2-ab18-47db-8ebb-fbc4ffb86704","threat_type":"cve","title":"A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. 
This impacts the function getAccessToken of the file yudao-module-system-biz/","summary":"A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","severity":"high","cvss_score":7.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-03T05:15:59.207000Z","last_modified_at":"2026-05-05T19:46:40.541726Z","external_id":"CVE-2026-7679","description":"A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.","affected_products":[],"references":["https://github.com/9str0IL/CVE/issues/1","https://vuldb.com/submit/800866","https://vuldb.com/vuln/360832","https://vuldb.com/vuln/360832/cti"],"sources":["nvd"],"score":65.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-287"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.3,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":65,"final_score":65.0},"calculated_at":"2026-05-06T02:00:11.365701Z"},{"id":"15f31b51-67d7-43f7-8157-ca071990a6f8","threat_type":"cve","title":"The Forminator Forms – Contact Form, Payment Form &amp; Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, an","summary":"The Forminator Forms – Contact Form, Payment Form &amp; Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. 
Successful exploitation requires a publicly accessible form with a File Upload field where Save and Continue is enabled in that form's Behavior settings and the Save and Continue email notification is configured to attach uploaded files in Email Notifications.","severity":"high","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T07:16:00.643000Z","last_modified_at":"2026-05-05T19:46:43.821539Z","external_id":"CVE-2026-5192","description":"The Forminator Forms – Contact Form, Payment Form &amp; Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Successful exploitation requires a publicly accessible form with a File Upload field where Save and Continue is enabled in that form's Behavior settings and the Save and Continue email notification is configured to attach uploaded files in Email 
Notifications.","affected_products":[],"references":["https://plugins.trac.wordpress.org/changeset/3500671/forminator","https://www.wordfence.com/threat-intel/vulnerabilities/id/788422c4-e070-48aa-a85d-a5d5a25a6a1d?source=cve"],"sources":["nvd"],"score":60.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":true,"matched":["payment"],"points":25},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.5,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":60,"final_score":60.0},"calculated_at":"2026-05-06T02:00:14.807822Z"},{"id":"4f1e1ccb-9a2d-4d4b-88d6-025408e35526","threat_type":"cve","title":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit","summary":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  
Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","severity":"critical","cvss_score":7.8,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd","kev","actively-exploited"],"published_at":"2026-04-29T22:17:30.493476Z","last_modified_at":"2026-05-06T14:04:50.810237Z","external_id":"CVE-2026-31431","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","affected_products":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:10.1:*:*:*:*:*:*:*","cpe:2.3:o:amazon:amazon_linux:-:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*","cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*"],"references":["https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c","https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc","https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667","https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82","https://git.kernel.org/stable/c/961cfa271a918ad4ae4524
20e7c303149002875b","https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","http://www.openwall.com/lists/oss-security/2026/04/29/23","http://www.openwall.com/lists/oss-security/2026/04/29/25","http://www.openwall.com/lists/oss-security/2026/04/29/26","http://www.openwall.com/lists/oss-security/2026/04/30/10","http://www.openwall.com/lists/oss-security/2026/04/30/11","http://www.openwall.com/lists/oss-security/2026/04/30/12","http://www.openwall.com/lists/oss-security/2026/04/30/14","http://www.openwall.com/lists/oss-security/2026/04/30/15","http://www.openwall.com/lists/oss-security/2026/04/30/16","http://www.openwall.com/lists/oss-security/2026/04/30/17","http://www.openwall.com/lists/oss-security/2026/04/30/18","http://www.openwall.com/lists/oss-security/2026/04/30/2","http://www.openwall.com/lists/oss-security/2026/04/30/20","http://www.openwall.com/lists/oss-security/2026/04/30/5","http://www.openwall.com/lists/oss-security/2026/04/30/6","http://www.openwall.com/lists/oss-security/2026/05/01/10","http://www.openwall.com/lists/oss-security/2026/05/01/12","http://www.openwall.com/lists/oss-security/2026/05/01/15","http://www.openwall.com/lists/oss-security/2026/05/01/16","http://www.openwall.com/lists/oss-security/2026/05/01/17","http://www.openwall.com/lists/oss-security/2026/05/01/18","http://www.openwall.com/lists/oss-security/2026/05/01/2","http://www.openwall.com/lists/oss-security/2026/05/01/22","http://www.openwall.com/lists/oss-security/2026/05/01/23","http://www.openwall.com/lists/oss-security/2026/05/01/24","http://www.openwall.com/lists/oss-security/2026/05/01/3","http://www.openwall.com/lists/oss-security/2026/05/02/14","http://www.openwall.com/lists/oss-security/2026/05/02/15","http://www.openwall.com/lists/oss-security/2026/05/02/16","http://www.openwall.com/lists/oss-security/2026/
05/02/17","http://www.openwall.com/lists/oss-security/2026/05/02/18","http://www.openwall.com/lists/oss-security/2026/05/02/19","http://www.openwall.com/lists/oss-security/2026/05/02/20","http://www.openwall.com/lists/oss-security/2026/05/02/21","http://www.openwall.com/lists/oss-security/2026/05/02/23","http://www.openwall.com/lists/oss-security/2026/05/02/24","http://www.openwall.com/lists/oss-security/2026/05/02/25","http://www.openwall.com/lists/oss-security/2026/05/02/4","http://www.openwall.com/lists/oss-security/2026/05/02/5","http://www.openwall.com/lists/oss-security/2026/05/02/6","http://www.openwall.com/lists/oss-security/2026/05/02/7","http://www.openwall.com/lists/oss-security/2026/05/02/8","http://www.openwall.com/lists/oss-security/2026/05/03/10","http://www.openwall.com/lists/oss-security/2026/05/03/12","http://www.openwall.com/lists/oss-security/2026/05/03/13","http://www.openwall.com/lists/oss-security/2026/05/03/3","http://www.openwall.com/lists/oss-security/2026/05/03/4","http://www.openwall.com/lists/oss-security/2026/05/03/5","http://www.openwall.com/lists/oss-security/2026/05/03/6","http://www.openwall.com/lists/oss-security/2026/05/04/1","http://www.openwall.com/lists/oss-security/2026/05/04/10","http://www.openwall.com/lists/oss-security/2026/05/04/11","http://www.openwall.com/lists/oss-security/2026/05/04/12","http://www.openwall.com/lists/oss-security/2026/05/04/13","http://www.openwall.com/lists/oss-security/2026/05/04/14","http://www.openwall.com/lists/oss-security/2026/05/04/2","http://www.openwall.com/lists/oss-security/2026/05/04/24","http://www.openwall.com/lists/oss-security/2026/05/04/27","http://www.openwall.com/lists/oss-security/2026/05/04/28","http://www.openwall.com/lists/oss-security/2026/05/04/29","http://www.openwall.com/lists/oss-security/2026/05/04/31","http://www.openwall.com/lists/oss-security/2026/05/04/8","http://www.openwall.com/lists/oss-security/2026/05/04/9","http://www.openwall.com/lists/oss-security/2026/05/06/5
","https://copy.fail","https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170","https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation","https://github.com/theori-io/copy-fail-CVE-2026-31431","https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431","https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"],"sources":["cisa_kev","nvd"],"score":60.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":7.0,"cvss_score":7.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":true,"points":25},"actively_exploited":{"hit":true,"points":15},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":true,"source_count":2,"points":5},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":60,"final_score":60.0},"calculated_at":"2026-05-06T14:04:57.488315Z"},{"id":"83f1048d-29c7-4635-b012-e3bee2bfb6bf","threat_type":"cve","title":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmr","summary":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. 
The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation.\n\nAn attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-05T22:16:00.520000Z","last_modified_at":"2026-05-05T22:49:38.059873Z","external_id":"CVE-2026-40075","description":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. 
Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation.\n\nAn attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.","affected_products":[],"references":["https://github.com/openmrs/openmrs-core/security/advisories/GHSA-jjgj-cx3q-pw4w"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Tomcat"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:16.356081Z"},{"id":"8747cd08-0545-4a69-960d-e0bafb485278","threat_type":"cve","title":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vuln","summary":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. 
In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. This issue has been fixed in version 1.7.1.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-05T20:16:36.317000Z","last_modified_at":"2026-05-05T20:47:40.316371Z","external_id":"CVE-2026-33324","description":"SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. 
This issue has been fixed in version 1.7.1.","affected_products":[],"references":["https://github.com/dataease/SQLBot/security/advisories/GHSA-q2q6-gqqh-4xrx"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["PostgreSQL"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:16.039787Z"},{"id":"0c337d47-6bd6-4408-a0b3-e926e99996e3","threat_type":"cve","title":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operat","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","severity":"unknown","cvss_score":null,"cvss_vector":null,"cvss_version":null,"tags":["nvd"],"published_at":"2026-05-04T19:16:05.847000Z","last_modified_at":"2026-05-05T19:46:42.484175Z","external_id":"CVE-2026-42233","description":"n8n is an open source workflow automation platform. 
Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","affected_products":[],"references":["https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Oracle Database"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":null,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:14.424189Z"},{"id":"5c7a1bf6-a64f-4def-a66e-6530721a2973","threat_type":"cve","title":"A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrU","summary":"A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.","severity":"medium","cvss_score":6.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-03T15:15:59.483000Z","last_modified_at":"2026-05-05T19:46:40.983769Z","external_id":"CVE-2026-7699","description":"A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","affected_products":[],"references":["https://github.com/xpp3901/CVE_APPLY/tree/main/V-M001_MaxKey_Filters_SQL_Injection","https://vuldb.com/submit/804260","https://vuldb.com/vuln/360868","https://vuldb.com/vuln/360868/cti"],"sources":["nvd"],"score":50.0,"score_breakdown":{"technology_match":{"hit":true,"matched":["Java"],"points":30},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-89"],"points":20},"cvss_threshold":{"hit":false,"threshold":7.0,"cvss_score":6.3,"points":0},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":50,"final_score":50.0},"calculated_at":"2026-05-06T02:00:12.345184Z"}],"stats":{"total_threats":28741,"critical_count":73,"high_count":0,"average_score":15.31,"sources_active":["nvd","cisa_kev"]}}