Zero Day Monitor (ZDM)
CVE-2026-31049 · EXPLOITED
n/a · n/a

CVE-2026-31049: An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privile

Description

A vulnerability, which was classified as critical, has been found in Hostbill 2025-11-24/2025-12-01. The impacted element is an unknown function of the component Registration Handler. Performing a manipulation results in CSV injection.

Affected Products

Vendor: n/a
Product: n/a
Versions: n/a, 2025-11-24, 2025-12-01

References

  • https://hostbillapp.com/changelog
  • https://hostbillapp.com/release-notes/11-27-2025.html
  • https://blog.hostbillapp.com/2025/12/03/hostbill-security-advisory/
  • https://hostbillapp.com/responsible-disclosure
  • https://hostbillapp.com/release-notes/12-01-2025.html
  • https://github.com/Muhammad5235/HostBill-CVEs-2025/blob/main/Missing%20Server-Side%20Validation/Registration%20fields%20%26%20Import%20Csv

Related News (1 article)

Tier C
VulDB · 7h ago
CVE-2026-31049 | Hostbill 2025-11-24/2025-12-01 Registration csv injection
→ No new info (linked only)
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Published: Apr 14, 2026
Last enriched: 7h ago (v2)
Trending Score: 48
Source articles: 1
Independent: 1
Info Completeness: 6/14
Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2025-65135 · EXP
CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin
Trending: 57
HIGH · CVE-2026-38530 · EXP
CVE-2026-38530: A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.
Trending: 51
HIGH · CVE-2026-38529 · EXP
CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo
Trending: 51
MEDIUM · CVE-2025-65136 · EXP
CVE-2025-65136: In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php v
Trending: 50
MEDIUM · CVE-2025-65132 · EXP
CVE-2025-65132: alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which a
Trending: 50

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 14, 2026
Actively Exploited: Apr 14, 2026
Discovered by ZDM: Apr 14, 2026
Updated (description, affectedVersions, severity, activelyExploited): Apr 14, 2026

Version History

v2, last enriched 7h ago
v2 · Tier C · 7h ago

Updated severity to CRITICAL, added vendor and product information, and provided a more detailed description of the vulnerability.

description, affectedVersions, severity, activelyExploited
via VulDB
v1 · 7h ago

Initial creation