Zero Day Monitor (ZDM)
CVE-2026-31049 · EXPLOITED
n/a · n/a

CVE-2026-31049: An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privile

Description

A vulnerability classified as critical has been found in Hostbill 2025-11-24/2025-12-01. The impacted element is an unknown function of the component Registration Handler. Manipulation results in CSV injection.

Affected Products

Vendor: n/a
Product: n/a
Versions: n/a, 2025-11-24, 2025-12-01

References

  • https://hostbillapp.com/changelog
  • https://hostbillapp.com/release-notes/11-27-2025.html
  • https://blog.hostbillapp.com/2025/12/03/hostbill-security-advisory/
  • https://hostbillapp.com/responsible-disclosure
  • https://hostbillapp.com/release-notes/12-01-2025.html
  • https://github.com/Muhammad5235/HostBill-CVEs-2025/blob/main/Missing%20Server-Side%20Validation/Registration%20fields%20%26%20Import%20Csv

Related News (1 article)

Tier C
VulDB · 4h ago
CVE-2026-31049 | Hostbill 2025-11-24/2025-12-01 Registration csv injection
→ No new info (linked only)
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Published: Apr 14, 2026
Last enriched: 3h ago (v2)
Trending Score: 49
Source articles: 1
Independent: 1
Info Completeness: 6/14
Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2025-63939 · EXP
CVE-2025-63939: Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, al
Trending: 50

CRITICAL · CVE-2025-65135 · EXP
CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin
Trending: 50

CRITICAL · CVE-2025-65133 · EXP
CVE-2025-65133: A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated
Trending: 50

HIGH · CVE-2026-38528 · EXP
CVE-2026-38528: Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDat
Trending: 50

HIGH · CVE-2026-38529 · EXP
CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo
Trending: 50

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Apr 14, 2026
Actively Exploited · Apr 14, 2026
Discovered by ZDM · Apr 14, 2026
Updated: description, affectedVersions, severity, activelyExploited · Apr 14, 2026

Version History

v2
Last enriched 3h ago
v2 · Tier C · 3h ago

Updated severity to CRITICAL, added vendor and product information, and provided a more detailed description of the vulnerability.

Fields: description, affectedVersions, severity, activelyExploited
via VulDB

v1 · 4h ago

Initial creation