| critical |
Hardy Barth Salia EV Charge Controller |
advisory |
cisa-advisories, vendor-blogs |
|
ics, rce |
2026-04-21 |
| critical |
Delta Electronics ASDA-Soft |
advisory |
cisa-advisories, vendor-blogs |
|
zeroday, phishing, ics |
2026-04-16 |
| critical |
Anviz Multiple Products |
advisory |
cisa-advisories, vendor-blogs |
|
ics, rce |
2026-04-16 |
| critical |
CVE-2026-1555 — The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type va… |
vulnerability |
nvd |
CVE-2026-1555 |
rce |
2026-04-15 |
| critical |
CVE-2026-39842 — OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expres… |
vulnerability |
nvd |
CVE-2026-39842 |
rce |
2026-04-15 |
| critical |
CVE-2026-3461 — The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all ver… |
vulnerability |
nvd |
CVE-2026-3461 |
|
2026-04-15 |
| critical |
CVE-2026-33807 — @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that cau… |
vulnerability |
nvd |
CVE-2026-33807 |
|
2026-04-15 |
| critical |
CVE-2026-4682 — Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer… |
vulnerability |
nvd |
CVE-2026-4682 |
rce |
2026-04-15 |
| critical |
CVE-2026-30625 — Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functi… |
vulnerability |
nvd |
CVE-2026-30625 |
rce |
2026-04-15 |
| critical |
CVE-2026-20147 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to exec… |
vulnerability |
nvd |
CVE-2026-20147 |
|
2026-04-15 |
| critical |
CVE-2026-20180 — A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacke… |
vulnerability |
nvd |
CVE-2026-20180, CVE-2026-20186 |
|
2026-04-15 |
| critical |
CVE-2026-20184 — A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services… |
vulnerability |
nvd |
CVE-2026-20184 |
|
2026-04-15 |
| critical |
CVE-2026-30993 — Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in t… |
vulnerability |
nvd |
CVE-2026-30993 |
rce |
2026-04-15 |
| critical |
CVE-2025-41118 — Pyroscope is an open-source continuous profiling database. The database supports various storage bac… |
vulnerability |
nvd |
CVE-2025-41118 |
|
2026-04-15 |
| critical |
CVE-2026-6296 — Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to… |
vulnerability |
nvd |
CVE-2026-6296 |
|
2026-04-15 |
| critical |
CVE-2026-40173 — Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthen… |
vulnerability |
nvd |
CVE-2026-40173 |
|
2026-04-15 |
| critical |
CVE-2026-6388 — A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to… |
vulnerability |
nvd |
CVE-2026-6388 |
|
2026-04-15 |
| critical |
CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)… |
vulnerability |
nvd |
CVE-2026-4880 |
|
2026-04-16 |
| critical |
CVE-2026-40959 — Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. |
vulnerability |
nvd |
CVE-2026-40959 |
|
2026-04-16 |
| critical |
CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f… |
vulnerability |
nvd |
CVE-2026-40504 |
|
2026-04-16 |
| critical |
CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing… |
vulnerability |
nvd |
CVE-2026-6350 |
|
2026-04-16 |
| critical |
CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi… |
vulnerability |
nvd |
CVE-2026-3596 |
|
2026-04-16 |
| critical |
CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a… |
vulnerability |
nvd |
CVE-2026-31843 |
rce |
2026-04-16 |
| critical |
CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl… |
vulnerability |
nvd |
CVE-2026-6270 |
|
2026-04-16 |
| critical |
CVE-2026-37336 — SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /… |
vulnerability |
nvd |
CVE-2026-37336, CVE-2026-37337, CVE-2026-37338, CVE-2026-37339, CVE-2026-37340 |
|
2026-04-16 |
| critical |
CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil… |
vulnerability |
nvd |
CVE-2026-37341, CVE-2026-37342, CVE-2026-37343, CVE-2026-37344, CVE-2026-37345 |
|
2026-04-16 |
| critical |
CVE-2026-37346 — SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the… |
vulnerability |
nvd |
CVE-2026-37346, CVE-2026-37347 |
|
2026-04-16 |
| critical |
CVE-2026-33082 — DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQ… |
vulnerability |
nvd |
CVE-2026-33082 |
|
2026-04-16 |
| critical |
CVE-2026-33083 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con… |
vulnerability |
nvd |
CVE-2026-33083, CVE-2026-33084, CVE-2026-33121, CVE-2026-33122, CVE-2026-33207, CVE-2026-40899, CVE-2026-40900 |
|
2026-04-16 |
| critical |
CVE-2026-40322 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid… |
vulnerability |
nvd |
CVE-2026-40322 |
|
2026-04-16 |
| critical |
CVE-2026-34018 — An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to exe… |
vulnerability |
nvd |
CVE-2026-34018 |
|
2026-04-17 |
| critical |
CVE-2026-6443 — All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versi… |
vulnerability |
nvd |
CVE-2026-6443 |
|
2026-04-17 |
| critical |
CVE-2026-37749 — A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote un… |
vulnerability |
nvd |
CVE-2026-37749 |
|
2026-04-17 |
| critical |
CVE-2026-6284 — An attacker with network access to the PLC is able to brute force discover passwords to gain unautho… |
vulnerability |
nvd |
CVE-2026-6284 |
ics |
2026-04-17 |
| critical |
CVE-2026-27890 — Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7… |
vulnerability |
nvd |
CVE-2026-27890, CVE-2026-28214, CVE-2026-28224, CVE-2026-33337, CVE-2026-34232, CVE-2026-35215, CVE-2026-40342 |
|
2026-04-17 |
| critical |
CVE-2026-40525 — OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot O… |
vulnerability |
nvd |
CVE-2026-40525 |
|
2026-04-17 |
| critical |
CVE-2026-32623 — xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vuln… |
vulnerability |
nvd |
CVE-2026-32623, CVE-2026-32624 |
rce |
2026-04-17 |
| critical |
CVE-2026-35546 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archi… |
vulnerability |
nvd |
CVE-2026-35546 |
|
2026-04-17 |
| critical |
CVE-2026-23500 — Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar… |
vulnerability |
nvd |
CVE-2026-23500 |
rce |
2026-04-17 |
| critical |
CVE-2026-35512 — xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the… |
vulnerability |
nvd |
CVE-2026-35512 |
rce |
2026-04-17 |
| critical |
CVE-2026-40258 — The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.… |
vulnerability |
nvd |
CVE-2026-40258 |
|
2026-04-17 |
| critical |
CVE-2026-40351 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login en… |
vulnerability |
nvd |
CVE-2026-40351 |
|
2026-04-17 |
| critical |
CVE-2026-40477 — Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… |
vulnerability |
nvd |
CVE-2026-40477, CVE-2026-40478 |
|
2026-04-17 |
| critical |
CVE-2026-40324 — Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1… |
vulnerability |
nvd |
CVE-2026-40324 |
|
2026-04-18 |
| critical |
CVE-2026-40484 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backu… |
vulnerability |
nvd |
CVE-2026-40484 |
rce |
2026-04-18 |
| critical |
CVE-2026-40317 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.… |
vulnerability |
nvd |
CVE-2026-40317, CVE-2026-40572 |
|
2026-04-18 |
| critical |
CVE-2026-40492 — SAIL is a cross-platform library for loading and saving images with support for animation, metadata,… |
vulnerability |
nvd |
CVE-2026-40492, CVE-2026-40493, CVE-2026-40494 |
|
2026-04-18 |
| critical |
CVE-2026-32956 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vul… |
vulnerability |
nvd |
CVE-2026-32956, CVE-2026-32961 |
|
2026-04-20 |
| critical |
CVE-2026-6643 — A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems… |
vulnerability |
nvd |
CVE-2026-6643 |
|
2026-04-20 |
| critical |
CVE-2026-6644 — A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability al… |
vulnerability |
nvd |
CVE-2026-6644 |
rce |
2026-04-20 |
| critical |
CVE-2026-5963 — EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remot… |
vulnerability |
nvd |
CVE-2026-5963, CVE-2026-5964 |
|
2026-04-20 |
| critical |
CVE-2026-33557 — A possible security vulnerability has been identified in Apache Kafka. By default, the broker proper… |
vulnerability |
nvd |
CVE-2026-33557 |
|
2026-04-20 |
| critical |
CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file cont… |
vulnerability |
nvd |
CVE-2026-5760 |
rce |
2026-04-20 |
| critical |
CVE-2026-24467 — OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers… |
vulnerability |
nvd |
CVE-2026-24467, CVE-2026-24468 |
|
2026-04-20 |
| critical |
CVE-2026-39918 — Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where th… |
vulnerability |
nvd |
CVE-2026-39918 |
rce |
2026-04-20 |
| critical |
CVE-2026-30269 — Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their o… |
vulnerability |
nvd |
CVE-2026-30269 |
|
2026-04-20 |
| critical |
CVE-2026-39109 — SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management Sy… |
vulnerability |
nvd |
CVE-2026-39109, CVE-2026-39110, CVE-2026-39111 |
|
2026-04-20 |
| critical |
CVE-2026-29649 — NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/… |
vulnerability |
nvd |
CVE-2026-29649 |
|
2026-04-20 |
| critical |
CVE-2026-6257 — Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionalit… |
vulnerability |
nvd |
CVE-2026-6257 |
rce |
2026-04-20 |
| critical |
CVE-2026-29646 — In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-m… |
vulnerability |
nvd |
CVE-2026-29646 |
|
2026-04-20 |
| critical |
CVE-2026-32604 — Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0… |
vulnerability |
nvd |
CVE-2026-32604 |
|
2026-04-20 |
| critical |
CVE-2026-32613 — Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services… |
vulnerability |
nvd |
CVE-2026-32613 |
|
2026-04-20 |
| critical |
CVE-2026-5450 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library ver… |
vulnerability |
nvd |
CVE-2026-5450 |
|
2026-04-20 |
| critical |
CVE-2026-41329 — OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate pri… |
vulnerability |
nvd |
CVE-2026-41329 |
|
2026-04-21 |
| critical |
CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l… |
vulnerability |
nvd |
CVE-2026-5965 |
|
2026-04-21 |
| critical |
CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied… |
vulnerability |
nvd |
CVE-2026-41036 |
rce |
2026-04-21 |
| critical |
CVE-2026-6748 — Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef… |
vulnerability |
nvd |
CVE-2026-6748, CVE-2026-6751 |
|
2026-04-21 |
| critical |
CVE-2026-6760 — Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150… |
vulnerability |
nvd |
CVE-2026-6760, CVE-2026-6768 |
|
2026-04-21 |
| critical |
CVE-2026-6771 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firef… |
vulnerability |
nvd |
CVE-2026-6771 |
|
2026-04-21 |
| critical |
CVE-2025-15638 — Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropb… |
vulnerability |
nvd |
CVE-2025-15638 |
|
2026-04-21 |
| critical |
CVE-2026-21571 — This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0,… |
vulnerability |
nvd |
CVE-2026-21571 |
rce |
2026-04-21 |
| critical |
CVE-2026-40050 — CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne… |
vulnerability |
nvd |
CVE-2026-40050 |
|
2026-04-21 |
| critical |
CVE-2026-40569 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass… |
vulnerability |
nvd |
CVE-2026-40569 |
ransomware, phishing |
2026-04-21 |
| critical |
CVE-2026-40576 — excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu… |
vulnerability |
nvd |
CVE-2026-40576 |
|
2026-04-21 |
| critical |
CVE-2026-40584 — RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.… |
vulnerability |
nvd |
CVE-2026-40584 |
ransomware |
2026-04-21 |
| critical |
CVE-2026-5652 — An insecure direct object reference vulnerability in the Users API component of Crafty Controller al… |
vulnerability |
nvd |
CVE-2026-5652 |
|
2026-04-21 |
| critical |
CVE-2026-41193 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's… |
vulnerability |
nvd |
CVE-2026-41193 |
|
2026-04-21 |
| critical |
CVE-2026-40372 — Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to… |
vulnerability |
nvd |
CVE-2026-40372 |
|
2026-04-21 |
| critical |
CVE-2026-40884 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat… |
vulnerability |
nvd |
CVE-2026-40884 |
|
2026-04-21 |
| critical |
CVE-2026-40885 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based… |
vulnerability |
nvd |
CVE-2026-40885 |
ransomware |
2026-04-21 |
| critical |
CVE-2026-40887 — Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version… |
vulnerability |
nvd |
CVE-2026-40887 |
|
2026-04-21 |
| critical |
CVE-2026-40903 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil… |
vulnerability |
nvd |
CVE-2026-40903 |
|
2026-04-21 |
| critical |
CVE-2026-33518 — An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and… |
vulnerability |
nvd |
CVE-2026-33518 |
|
2026-04-21 |
| critical |
CVE-2026-33519 — An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win… |
vulnerability |
nvd |
CVE-2026-33519 |
|
2026-04-21 |
| critical |
CVE-2026-34275 — Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component… |
vulnerability |
nvd |
CVE-2026-34275 |
|
2026-04-21 |
| critical |
CVE-2026-34279 — Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c… |
vulnerability |
nvd |
CVE-2026-34279 |
|
2026-04-21 |
| critical |
CVE-2026-34285 — Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen… |
vulnerability |
nvd |
CVE-2026-34285, CVE-2026-34286, CVE-2026-34287, CVE-2026-34288, CVE-2026-34289, CVE-2026-34290, CVE-2026-34294 |
|
2026-04-21 |
| critical |
CVE-2026-40906 — Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect… |
vulnerability |
nvd |
CVE-2026-40906 |
|
2026-04-21 |
| critical |
CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web… |
vulnerability |
nvd |
CVE-2026-40911 |
|
2026-04-21 |
| critical |
CVE-2026-40933 — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.… |
vulnerability |
nvd |
CVE-2026-40933 |
|
2026-04-21 |
| critical |
CVE-2026-40575 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0… |
vulnerability |
nvd |
CVE-2026-40575, CVE-2026-41059 |
|
2026-04-22 |
| critical |
CVE-2026-41064 — WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi… |
vulnerability |
nvd |
CVE-2026-41064 |
|
2026-04-22 |
| critical |
CVE-2026-41304 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php`… |
vulnerability |
nvd |
CVE-2026-41304 |
botnet, rce |
2026-04-22 |
| critical |
CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t… |
vulnerability |
nvd |
CVE-2026-4119 |
|
2026-04-22 |
| critical |
CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma… |
vulnerability |
nvd |
CVE-2026-6235 |
|
2026-04-22 |
| critical |
CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca… |
vulnerability |
nvd |
CVE-2026-31460 |
ransomware |
2026-04-22 |
| critical |
CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le… |
vulnerability |
nvd |
CVE-2026-31461 |
ransomware |
2026-04-22 |
| critical |
CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr… |
vulnerability |
nvd |
CVE-2026-31488 |
ransomware |
2026-04-22 |
| critical |
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability |
advisory |
vendor-blogs |
|
rce |
2026-04-20 |
| critical |
Vect formalizes BreachForums and TeamPCP alliance to push model for industrialized ransomware, scale RaaS operations |
advisory |
vendor-blogs |
|
ransomware |
2026-04-21 |
| critical |
payload_delivery: undefined |
threat-intel |
threatfox |
|
ClearFake, 22April2026, Commandline, Windows, DarkCloud, ViriBack, CobaltStrike, drb-ra, RAT, ValleyRAT, RedLineStealer, Agentemis, Beacon, Cobalt Strike, cobeacon, Kongtuke, c2, RapidStealer, StrelaStealer, ClickFix, compromised, etherhiding, Polygon, Vidar, WordPress, remcos, Gafgyt, ConnectBack, glassworm, Wave3, wallet-trojan, calendar-c2, infostealer stealer, opiusra, EnmityStealer, 1xxbot, ArechClient, SectopRAT, Stealc, CinaRAT, Quasar RAT, QuasarRAT, Yggdrasil, BotManager, Mirai, MaskGramStealer, 21April2026, conhost-headless, finger-tcp79, fingerfix, win.fingerfix, finger-delivery, AS15169, hak5, AS14618, AS14061, AS9123, SocGholish, cs-watermark-987654321, cs-watermark-100000, Fake Zoom, ScreenConnect, VBScript, Fake Microsoft Teams, Fake Adobe, SSA, ErrTraffic, Lumma, r88vry, XWorm, GDrive, grpc, msi, NodeJS, TOR, darkcomet, NanoCore, dcrat, Steal, RemcosRAT, ExtRat, Xtreme RAT, AS24940, CHAOS, Hetzner Online GmbH, kimwolf, Discord, cs-watermark-666666, macOS, stealer, FrostStealer, etherhide, polygon-contract-stored-c2, 20April2026, Fake-Claude, Nancrat, NanoCore RAT, PureHVNC, PureRAT, AS202412, jarm-cluster, Omegatech, cluster25, sliver, clickfix-cluster, phishing, AS8075, Microsoft Corporation, Supershell, Mozi, EXT, Fake Claude, ACRStealer, OffLoader, AISURU, exe, DGA, valleyrat_s2, REMPROXY, CrystalX, DeepLoad, AS205775, NEON CORE NETWORK LLC, Bot Manager, pw-ryos, DDNS, Fake Adobe Reader, Fake DocuSign, payload, Fake Google Meet, cs-watermark-305419896, cs-watermark-666666666, cs-watermark-391144938, DarkCrystal RAT, 18April2026, AS216084, itystealer, Kerem Uluboy, Access2.IT Network, AS208258, zabbix, AS64439, borz, RocketCloud.ru, honeypot, WebDav, botnet, controller, ssh, Amnesia Panel, Web Panel, NetSupport, asyncrat, garble, go, midie, sideload-asus, AS56971, AS56971 Cloud, UNAM, Amos, asar, atomic, wallet-injection, applescript, keystone-persistence, Loader, Vjw0rm, PhantomGate, SantaStealer, rmm, simplehelp, deerstealer, njrat, a10fsw, 
SHubStealer, Farfli, APT, kimsuky, DPRK, Lazarus, ESP, geo, GCleaner, SilentNet, 17April2026, KermitRAT, Breut, Fynloski, klovbot, Remvio, Socmer, tofsee, IClickFix, NetSupport RAT, ZigClipper, domain, Lumma Stealer, Mirax, 16April2026, infostealer, AS328543, Sun Network Company Limited, RedTigerStealer, WeedHack, Havoc, d0b0p, Loki, Lorikazz, AS932, XNNET LLC, SmartApeSG, AgingFly, UKR, odiznrio, Patchwork, cs-watermark-1234567890, quasar, dropped-by-vidar, exfil, FlagStealer, SmartLoader, 15April2026, Metateam1337x-afk, apt |
2026-04-22 |
| critical |
Using KATA and KEDR to detect the AdaptixC2 agent |
threat-intel |
otx |
f212fd00d9ffc0f3… |
mgbot, lateral movement, network detection, post-exploitation framework, coolclient, command-and-control, toneshell, vbcloud, cloudatlas, process injection, edr, powershower, credential harvesting, adaptixc2, vbshower, ransomware, apt, phishing, botnet |
2026-04-17 |
| critical |
Uptick in Bomgar RMM Exploitation |
threat-intel |
otx |
CVE-2026-1731, CVE-2024-3400, CVE-2023-33538, CVE-2025-59287, CVE-2025-21042, CVE-2025-55182, CVE-2025-66478, CVE-2025-14847, CVE-2026-1281, CVE-2026-1340, CVE-2025-0921, CVE-2025-23304, CVE-2026-22584 | bc9635dcc3444c18…, e7efe76a253a37e0… |
lockbit, simplehelp, remote access tools, ransomware, byovd, screenconnect, atera, bomgar, rmm exploitation, anydesk, cve-2026-1731, poisonkiller, msp targeting, cve-2023-33538, tp-link routers, iot exploitation, firmware analysis, condi botnet, command injection, wifi routers, mirai, condi, mirai botnet, maritime, nuso, lamporat, ai-enhanced malware, trusted relationship compromise, energy, iranian, cyberespionage, udpgangster, critical infrastructure, blackbeard, phoenix, ghostbackdoor, social engineering, phishing, botnet, rce |
2026-04-17 |
| critical |
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks |
news |
general-news |
|
zeroday |
2026-04-22 |
| critical |
Former ransomware negotiator pleads guilty to BlackCat attacks |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles |
news |
general-news |
|
apt, botnet |
2026-04-22 |
| critical |
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation |
news |
general-news |
|
ransomware, botnet |
2026-04-21 |
| critical |
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks |
news |
general-news |
|
zeroday, supply-chain |
2026-04-21 |
| critical |
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files |
news |
general-news |
|
rce |
2026-04-20 |
| critical |
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain |
news |
general-news |
|
rce, supply-chain |
2026-04-20 |
| critical |
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched |
news |
general-news |
|
zeroday |
2026-04-17 |
| critical |
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul |
news |
general-news |
|
ransomware |
2026-04-17 |
| critical |
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories |
news |
general-news |
|
zeroday, rce, supply-chain |
2026-04-16 |
| critical |
Ransomware Negotiator Pleads Guilty to BlackCat Scheme |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk |
news |
general-news |
|
ransomware, rce, supply-chain |
2026-04-21 |
| critical |
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool |
news |
general-news |
|
rce |
2026-04-21 |
| critical |
Chinese APT Targets Indian Banks, Korean Policy Circles |
news |
general-news |
|
apt |
2026-04-21 |
| critical |
6-Year Ransomware Campaign Targets Turkish Homes & SMBs |
news |
general-news |
|
ransomware |
2026-04-16 |
| critical |
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals |
news |
general-news |
|
rce |
2026-04-22 |
| critical |
Third US Security Expert Admits Helping Ransomware Gang |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang |
news |
general-news |
|
ransomware |
2026-04-22 |
| critical |
The Gentlemen Ransomware Expands With Rapid Affiliate Growth |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack |
news |
general-news |
|
ransomware |
2026-04-16 |
| critical |
Automotive Ransomware Attacks Double in a Year |
news |
general-news |
|
ransomware |
2026-04-16 |
| critical |
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks |
news |
general-news |
|
ransomware |
2026-04-21 |
| critical |
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution |
news |
general-news |
|
rce |
2026-04-20 |
| high |
CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability |
vulnerability |
cisa-kev |
CVE-2026-20122 |
|
2026-04-20 |
| high |
CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability |
vulnerability |
cisa-kev |
CVE-2026-20133 |
|
2026-04-20 |
| high |
CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability |
vulnerability |
cisa-kev |
CVE-2025-2749 |
|
2026-04-20 |
| high |
CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability |
vulnerability |
cisa-kev |
CVE-2025-48700 |
|
2026-04-20 |
| high |
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability |
vulnerability |
cisa-kev |
CVE-2026-20128 |
|
2026-04-20 |
| high |
CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability |
vulnerability |
cisa-kev |
CVE-2025-32975 |
|
2026-04-20 |
| high |
CVE-2026-34197 — Apache ActiveMQ Improper Input Validation Vulnerability |
vulnerability |
cisa-kev |
CVE-2026-34197 |
|
2026-04-16 |
| high |
Silex Technology SD-330AC and AMC Manager |
advisory |
cisa-advisories, vendor-blogs |
|
phishing, ics, transport |
2026-04-21 |
| high |
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Siemens TPM 2.0 |
advisory |
cisa-advisories, vendor-blogs |
|
botnet, ics |
2026-04-21 |
| high |
SenseLive X3050 |
advisory |
cisa-advisories, vendor-blogs |
|
phishing, ics |
2026-04-21 |
| high |
Siemens Analytics Toolkit |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Siemens SCALANCE |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Siemens SINEC NMS |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Zero Motorcycles Firmware |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Siemens Industrial Edge Management |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-21 |
| high |
Supply Chain Compromise Impacts Axios Node Package Manager |
advisory |
cisa-advisories |
|
phishing, botnet, supply-chain |
2026-04-20 |
| high |
AVEVA Pipeline Simulation |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-16 |
| high |
Horner Automation Cscape and XL4, XL7 PLC |
advisory |
cisa-advisories, vendor-blogs |
|
ics |
2026-04-16 |
| high |
CVE-2025-54550 — The example example_xcom that was included in airflow documentation implemented unsafe pattern of re… |
vulnerability |
nvd |
CVE-2025-54550 |
|
2026-04-15 |
| high |
CVE-2026-2834 — The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to… |
vulnerability |
nvd |
CVE-2026-2834 |
|
2026-04-15 |
| high |
CVE-2026-33806 — Impact: Fastify applications using schema.body.content for per-content-type body validation can have… |
vulnerability |
nvd |
CVE-2026-33806 |
|
2026-04-15 |
| high |
CVE-2026-39884 — mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions… |
vulnerability |
nvd |
CVE-2026-39884 |
|
2026-04-15 |
| high |
CVE-2026-39971 — Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending funct… |
vulnerability |
nvd |
CVE-2026-39971 |
|
2026-04-15 |
| high |
CVE-2026-40090 — Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an… |
vulnerability |
nvd |
CVE-2026-40090 |
|
2026-04-15 |
| high |
CVE-2026-40104 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of… |
vulnerability |
nvd |
CVE-2026-40104, CVE-2026-40105 |
|
2026-04-15 |
| high |
CVE-2026-5397 — It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Suppl… |
vulnerability |
nvd |
CVE-2026-5397 |
|
2026-04-15 |
| high |
CVE-2026-40719 — Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authorita… |
vulnerability |
nvd |
CVE-2026-40719 |
|
2026-04-15 |
| high |
CVE-2026-5088 — Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts… |
vulnerability |
nvd |
CVE-2026-5088 |
|
2026-04-15 |
| high |
CVE-2025-40897 — An access control vulnerability was discovered in the Threat Intelligence functionality due to a spe… |
vulnerability |
nvd |
CVE-2025-40897 |
|
2026-04-15 |
| high |
CVE-2025-40899 — A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due… |
vulnerability |
nvd |
CVE-2025-40899 |
|
2026-04-15 |
| high |
CVE-2026-3643 — The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in… |
vulnerability |
nvd |
CVE-2026-3643 |
|
2026-04-15 |
| high |
CVE-2026-5617 — The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,… |
vulnerability |
nvd |
CVE-2026-5617 |
|
2026-04-15 |
| high |
CVE-2026-5694 — The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the… |
vulnerability |
nvd |
CVE-2026-5694 |
|
2026-04-15 |
| high |
CVE-2026-30778 — The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of M… |
vulnerability |
nvd |
CVE-2026-30778 |
|
2026-04-15 |
| high |
CVE-2026-40744 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i… |
vulnerability |
nvd |
CVE-2026-40744, CVE-2026-40745, CVE-2025-63029 |
|
2026-04-15 |
| high |
CVE-2026-40764 — Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite… |
vulnerability |
nvd |
CVE-2026-40764 |
|
2026-04-15 |
| high |
CVE-2026-40784 — Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards f… |
vulnerability |
nvd |
CVE-2026-40784 |
|
2026-04-15 |
| high |
CVE-2026-0827 — During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnosti… |
vulnerability |
nvd |
CVE-2026-0827 |
|
2026-04-15 |
| high |
CVE-2026-4134 — During an internal security assessment, a potential vulnerability was discovered in Lenovo Software… |
vulnerability |
nvd |
CVE-2026-4134, CVE-2026-4135, CVE-2026-4145 |
|
2026-04-15 |
| high |
CVE-2026-30364 — CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. |
vulnerability |
nvd |
CVE-2026-30364 |
|
2026-04-15 |
| high |
CVE-2025-67841 — Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. |
vulnerability |
nvd |
CVE-2025-67841 |
|
2026-04-15 |
| high |
CVE-2026-20204 — In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve… |
vulnerability |
nvd |
CVE-2026-20204 |
rce |
2026-04-15 |
| high |
CVE-2026-20205 — In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_… |
vulnerability |
nvd |
CVE-2026-20205 |
|
2026-04-15 |
| high |
CVE-2026-30461 — Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE… |
vulnerability |
nvd |
CVE-2026-30461 |
rce |
2026-04-15 |
| high |
CVE-2026-30615 — A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary… |
vulnerability |
nvd |
CVE-2026-30615 |
|
2026-04-15 |
| high |
CVE-2026-30616 — Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handli… |
vulnerability |
nvd |
CVE-2026-30616 |
rce |
2026-04-15 |
| high |
CVE-2026-30617 — LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server conf… |
vulnerability |
nvd |
CVE-2026-30617 |
rce |
2026-04-15 |
| high |
CVE-2026-30624 — Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configur… |
vulnerability |
nvd |
CVE-2026-30624 |
rce |
2026-04-15 |
| high |
CVE-2026-30994 — Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated… |
vulnerability |
nvd |
CVE-2026-30994 |
|
2026-04-15 |
| high |
CVE-2026-30995 — Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id paramet… |
vulnerability |
nvd |
CVE-2026-30995 |
|
2026-04-15 |
| high |
CVE-2026-30996 — An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attacker… |
vulnerability |
nvd |
CVE-2026-30996 |
|
2026-04-15 |
| high |
CVE-2026-6372 — Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting… |
vulnerability |
nvd |
CVE-2026-6372 |
|
2026-04-15 |
| high |
CVE-2026-32631 — Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protectio… |
vulnerability |
nvd |
CVE-2026-32631 |
|
2026-04-15 |
| high |
CVE-2026-6290 — Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows acc… |
vulnerability |
nvd |
CVE-2026-6290 |
|
2026-04-15 |
| high |
CVE-2026-33435 — Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filte… |
vulnerability |
nvd |
CVE-2026-33435 |
rce |
2026-04-15 |
| high |
CVE-2026-33667 — OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP v… |
vulnerability |
nvd |
CVE-2026-33667 |
|
2026-04-15 |
| high |
CVE-2026-34242 — Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't… |
vulnerability |
nvd |
CVE-2026-34242 |
|
2026-04-15 |
| high |
CVE-2026-34393 — Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint… |
vulnerability |
nvd |
CVE-2026-34393 |
|
2026-04-15 |
| high |
CVE-2026-34632 — Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that cou… |
vulnerability |
nvd |
CVE-2026-34632 |
|
2026-04-15 |
| high |
CVE-2026-4857 — IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8… |
vulnerability |
nvd |
CVE-2026-4857 |
|
2026-04-15 |
| high |
CVE-2026-33877 — ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain… |
vulnerability |
nvd |
CVE-2026-33877, CVE-2026-33888, CVE-2026-33889, CVE-2026-35569, CVE-2026-39857 |
phishing |
2026-04-15 |
| high |
CVE-2026-6297 — Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged… |
vulnerability |
nvd |
CVE-2026-6297 |
|
2026-04-15 |
| high |
CVE-2026-6299 — Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to ex… |
vulnerability |
nvd |
CVE-2026-6299 |
|
2026-04-15 |
| high |
CVE-2026-6300 — Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute… |
vulnerability |
nvd |
CVE-2026-6300 |
|
2026-04-15 |
| high |
CVE-2026-6301 — Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe… |
vulnerability |
nvd |
CVE-2026-6301, CVE-2026-6307 |
|
2026-04-15 |
| high |
CVE-2026-6302 — Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut… |
vulnerability |
nvd |
CVE-2026-6302 |
|
2026-04-15 |
| high |
CVE-2026-6303 — Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu… |
vulnerability |
nvd |
CVE-2026-6303, CVE-2026-6318 |
|
2026-04-15 |
| high |
CVE-2026-6304 — Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha… |
vulnerability |
nvd |
CVE-2026-6304 |
|
2026-04-15 |
| high |
CVE-2026-6305 — Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to… |
vulnerability |
nvd |
CVE-2026-6305, CVE-2026-6306 |
|
2026-04-15 |
| high |
CVE-2026-6308 — Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who c… |
vulnerability |
nvd |
CVE-2026-6308 |
|
2026-04-15 |
| high |
CVE-2026-6309 — Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had com… |
vulnerability |
nvd |
CVE-2026-6309 |
|
2026-04-15 |
| high |
CVE-2026-6310 — Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had co… |
vulnerability |
nvd |
CVE-2026-6310 |
|
2026-04-15 |
| high |
CVE-2026-6311 — Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a rem… |
vulnerability |
nvd |
CVE-2026-6311 |
|
2026-04-15 |
| high |
CVE-2026-6314 — Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha… |
vulnerability |
nvd |
CVE-2026-6314 |
|
2026-04-15 |
| high |
CVE-2026-6315 — Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote a… |
vulnerability |
nvd |
CVE-2026-6315 |
|
2026-04-15 |
| high |
CVE-2026-6316 — Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut… |
vulnerability |
nvd |
CVE-2026-6316 |
|
2026-04-15 |
| high |
CVE-2026-6317 — Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute… |
vulnerability |
nvd |
CVE-2026-6317 |
|
2026-04-15 |
| high |
CVE-2026-6319 — Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote atta… |
vulnerability |
nvd |
CVE-2026-6319 |
|
2026-04-15 |
| high |
CVE-2026-6358 — Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker t… |
vulnerability |
nvd |
CVE-2026-6358 |
|
2026-04-15 |
| high |
CVE-2026-6359 — Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacke… |
vulnerability |
nvd |
CVE-2026-6359 |
|
2026-04-15 |
| high |
CVE-2026-6360 — Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to p… |
vulnerability |
nvd |
CVE-2026-6360 |
|
2026-04-15 |
| high |
CVE-2026-6361 — Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote… |
vulnerability |
nvd |
CVE-2026-6361 |
|
2026-04-15 |
| high |
CVE-2026-6363 — Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potential… |
vulnerability |
nvd |
CVE-2026-6363 |
|
2026-04-15 |
| high |
CVE-2026-6384 — A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `R… |
vulnerability |
nvd |
CVE-2026-6384 |
|
2026-04-15 |
| high |
CVE-2026-22676 — Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows lo… |
vulnerability |
nvd |
CVE-2026-22676 |
|
2026-04-15 |
| high |
CVE-2026-40176 — Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain… |
vulnerability |
nvd |
CVE-2026-40176, CVE-2026-40261 |
|
2026-04-15 |
| high |
CVE-2026-40316 — OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git… |
vulnerability |
nvd |
CVE-2026-40316 |
rce, supply-chain |
2026-04-15 |
| high |
CVE-2026-40193 — maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vul… |
vulnerability |
nvd |
CVE-2026-40193 |
|
2026-04-16 |
| high |
CVE-2026-40245 — Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver… |
vulnerability |
nvd |
CVE-2026-40245 |
|
2026-04-16 |
| high |
CVE-2026-40502 — OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote ga… |
vulnerability |
nvd |
CVE-2026-40502 |
|
2026-04-16 |
| high |
CVE-2026-40960 — Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least on… |
vulnerability |
nvd |
CVE-2026-40960 |
|
2026-04-16 |
| high |
CVE-2026-41015 — radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name… |
vulnerability |
nvd |
CVE-2026-41015 |
|
2026-04-16 |
| high |
CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing… |
vulnerability |
nvd |
CVE-2026-6348 |
|
2026-04-16 |
| high |
CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat… |
vulnerability |
nvd |
CVE-2026-6351 |
|
2026-04-16 |
| high |
CVE-2026-22619 — Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w… |
vulnerability |
nvd |
CVE-2026-22619 |
|
2026-04-16 |
| high |
CVE-2026-3599 — The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' p… |
vulnerability |
nvd |
CVE-2026-3599 |
|
2026-04-16 |
| high |
CVE-2026-3614 — The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.… |
vulnerability |
nvd |
CVE-2026-3614 |
|
2026-04-16 |
| high |
CVE-2026-5050 — The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Ver… |
vulnerability |
nvd |
CVE-2026-5050 |
|
2026-04-16 |
| high |
CVE-2026-1620 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all… |
vulnerability |
nvd |
CVE-2026-1620 |
|
2026-04-16 |
| high |
CVE-2026-3876 — The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_e… |
vulnerability |
nvd |
CVE-2026-3876 |
|
2026-04-16 |
| high |
CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,… |
vulnerability |
nvd |
CVE-2026-41035 |
|
2026-04-16 |
| high |
CVE-2025-14868 — The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path… |
vulnerability |
nvd |
CVE-2025-14868 |
|
2026-04-16 |
| high |
CVE-2026-23772 — Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper… |
vulnerability |
nvd |
CVE-2026-23772 |
ransomware |
2026-04-16 |
| high |
CVE-2026-3489 — The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable… |
vulnerability |
nvd |
CVE-2026-3489 |
|
2026-04-16 |
| high |
CVE-2026-31987 — JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. User… |
vulnerability |
nvd |
CVE-2026-31987 |
|
2026-04-16 |
| high |
CVE-2026-5785 — Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions fro… |
vulnerability |
nvd |
CVE-2026-5785 |
|
2026-04-16 |
| high |
CVE-2026-30459 — An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated att… |
vulnerability |
nvd |
CVE-2026-30459 |
|
2026-04-16 |
| high |
CVE-2026-30656 — A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job… |
vulnerability |
nvd |
CVE-2026-30656 |
|
2026-04-16 |
| high |
CVE-2026-33804 — @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated F… |
vulnerability |
nvd |
CVE-2026-33804 |
|
2026-04-16 |
| high |
CVE-2026-3324 — Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on… |
vulnerability |
nvd |
CVE-2026-3324 |
|
2026-04-16 |
| high |
CVE-2026-5426 — Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to F… |
vulnerability |
nvd |
CVE-2026-5426 |
rce |
2026-04-16 |
| high |
CVE-2026-41082 — In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach… |
vulnerability |
nvd |
CVE-2026-41082 |
|
2026-04-16 |
| high |
CVE-2026-6442 — Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed s… |
vulnerability |
nvd |
CVE-2026-6442 |
|
2026-04-16 |
| high |
CVE-2026-40901 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi… |
vulnerability |
nvd |
CVE-2026-40901 |
rce |
2026-04-16 |
| high |
CVE-2026-40170 — ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par… |
vulnerability |
nvd |
CVE-2026-40170 |
|
2026-04-16 |
| high |
CVE-2026-40246 — free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the… |
vulnerability |
nvd |
CVE-2026-40246 |
|
2026-04-16 |
| high |
CVE-2026-40247 — free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the… |
vulnerability |
nvd |
CVE-2026-40247, CVE-2026-40248, CVE-2026-40249 |
|
2026-04-16 |
| high |
CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts… |
vulnerability |
nvd |
CVE-2026-41113 |
rce |
2026-04-16 |
| high |
CVE-2026-40259 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api… |
vulnerability |
nvd |
CVE-2026-40259 |
|
2026-04-16 |
| high |
CVE-2026-40318 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api… |
vulnerability |
nvd |
CVE-2026-40318 |
|
2026-04-16 |
| high |
CVE-2026-22734 — Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user a… |
vulnerability |
nvd |
CVE-2026-22734 |
|
2026-04-17 |
| high |
CVE-2026-40262 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset deliver… |
vulnerability |
nvd |
CVE-2026-40262 |
|
2026-04-17 |
| high |
CVE-2026-5231 — The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_sou… |
vulnerability |
nvd |
CVE-2026-5231 |
|
2026-04-17 |
| high |
CVE-2026-3605 — An authenticated user with access to a kvv2 path through a policy containing a glob may be able to d… |
vulnerability |
nvd |
CVE-2026-3605 |
|
2026-04-17 |
| high |
CVE-2026-4525 — If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorizati… |
vulnerability |
nvd |
CVE-2026-4525 |
|
2026-04-17 |
| high |
CVE-2026-5807 — Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedl… |
vulnerability |
nvd |
CVE-2026-5807 |
|
2026-04-17 |
| high |
CVE-2026-6421 — A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown… |
vulnerability |
nvd |
CVE-2026-6421 |
|
2026-04-17 |
| high |
CVE-2026-4659 — The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via t… |
vulnerability |
nvd |
CVE-2026-4659 |
|
2026-04-17 |
| high |
CVE-2026-23853 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions… |
vulnerability |
nvd |
CVE-2026-23853, CVE-2026-23778, CVE-2026-23776, CVE-2026-23779, CVE-2025-46605, CVE-2025-46606, CVE-2025-46607, CVE-2025-46641, CVE-2026-23777, CVE-2026-28263, CVE-2026-23774 |
|
2026-04-17 |
| high |
CVE-2026-33392 — In JetBrains YouTrack before 2025.3.131383, a high-privileged user can achieve RCE via sandbox bypass |
vulnerability |
nvd |
CVE-2026-33392 |
rce |
2026-04-17 |
| high |
CVE-2025-36568 — Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LT… |
vulnerability |
nvd |
CVE-2025-36568 |
|
2026-04-17 |
| high |
CVE-2026-23775 — Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Releas… |
vulnerability |
nvd |
CVE-2026-23775 |
|
2026-04-17 |
| high |
CVE-2026-6483 — A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function st… |
vulnerability |
nvd |
CVE-2026-6483 |
|
2026-04-17 |
| high |
CVE-2026-6507 — A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by… |
vulnerability |
nvd |
CVE-2026-6507 |
|
2026-04-17 |
| high |
CVE-2026-31317 — Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attack… |
vulnerability |
nvd |
CVE-2026-31317 |
|
2026-04-17 |
| high |
CVE-2026-40459 — PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inje… |
vulnerability |
nvd |
CVE-2026-40459 |
|
2026-04-17 |
| high |
CVE-2026-6490 — A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impa… |
vulnerability |
nvd |
CVE-2026-6490 |
|
2026-04-17 |
| high |
CVE-2026-21733 — Software installed and run as a non-privileged user may conduct improper GPU system calls to gain wr… |
vulnerability |
nvd |
CVE-2026-21733 |
|
2026-04-17 |
| high |
CVE-2026-3464 — The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to i… |
vulnerability |
nvd |
CVE-2026-3464 |
rce |
2026-04-17 |
| high |
CVE-2026-40515 — OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers t… |
vulnerability |
nvd |
CVE-2026-40515 |
|
2026-04-17 |
| high |
CVE-2026-40516 — OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fe… |
vulnerability |
nvd |
CVE-2026-40516 |
|
2026-04-17 |
| high |
CVE-2026-40518 — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab… |
vulnerability |
nvd |
CVE-2026-40518 |
|
2026-04-17 |
| high |
CVE-2025-65104 — Firebird is an open-source relational database management system. In versions FB3 of the client libr… |
vulnerability |
nvd |
CVE-2025-65104 |
|
2026-04-17 |
| high |
CVE-2026-5710 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path… |
vulnerability |
nvd |
CVE-2026-5710 |
|
2026-04-17 |
| high |
CVE-2026-5718 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbi… |
vulnerability |
nvd |
CVE-2026-5718 |
rce |
2026-04-17 |
| high |
CVE-2026-28212 — Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4,… |
vulnerability |
nvd |
CVE-2026-28212 |
|
2026-04-17 |
| high |
CVE-2026-32107 — xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did n… |
vulnerability |
nvd |
CVE-2026-32107 |
|
2026-04-17 |
| high |
CVE-2026-32324 — Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, e… |
vulnerability |
nvd |
CVE-2026-32324 |
|
2026-04-17 |
| high |
CVE-2026-32650 — Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable enc… |
vulnerability |
nvd |
CVE-2026-32650 |
|
2026-04-17 |
| high |
CVE-2026-35682 — Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that ena… |
vulnerability |
nvd |
CVE-2026-35682 |
|
2026-04-17 |
| high |
CVE-2026-40066 — Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device… |
vulnerability |
nvd |
CVE-2026-40066 |
|
2026-04-17 |
| high |
CVE-2026-40283 — WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site… |
vulnerability |
nvd |
CVE-2026-40283, CVE-2026-40282, CVE-2026-40284, CVE-2026-40286 |
|
2026-04-17 |
| high |
CVE-2026-40434 — Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet… |
vulnerability |
nvd |
CVE-2026-40434 |
|
2026-04-17 |
| high |
CVE-2026-40461 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e… |
vulnerability |
nvd |
CVE-2026-40461 |
|
2026-04-17 |
| high |
CVE-2026-40196 — HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerabilit… |
vulnerability |
nvd |
CVE-2026-40196 |
|
2026-04-17 |
| high |
CVE-2026-40285 — WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection… |
vulnerability |
nvd |
CVE-2026-40285 |
|
2026-04-17 |
| high |
CVE-2026-40303 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, end… |
vulnerability |
nvd |
CVE-2026-40303 |
|
2026-04-17 |
| high |
CVE-2026-40527 — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command… |
vulnerability |
nvd |
CVE-2026-40527 |
|
2026-04-17 |
| high |
CVE-2026-40305 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… |
vulnerability |
nvd |
CVE-2026-40305, CVE-2026-40306, CVE-2026-40321 |
|
2026-04-17 |
| high |
CVE-2026-40352 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoin… |
vulnerability |
nvd |
CVE-2026-40352 |
|
2026-04-17 |
| high |
CVE-2026-40474 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpd… |
vulnerability |
nvd |
CVE-2026-40474 |
|
2026-04-17 |
| high |
CVE-2026-2262 — The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve… |
vulnerability |
nvd |
CVE-2026-2262 |
|
2026-04-18 |
| high |
CVE-2026-40348 — Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1,… |
vulnerability |
nvd |
CVE-2026-40348, CVE-2026-40349, CVE-2026-40350 |
|
2026-04-18 |
| high |
CVE-2026-40581 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record… |
vulnerability |
nvd |
CVE-2026-40581 |
|
2026-04-18 |
| high |
CVE-2026-35465 — SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle s… |
vulnerability |
nvd |
CVE-2026-35465 |
|
2026-04-18 |
| high |
CVE-2026-35582 — Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getComm… |
vulnerability |
nvd |
CVE-2026-35582 |
|
2026-04-18 |
| high |
CVE-2026-40487 — Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypa… |
vulnerability |
nvd |
CVE-2026-40487 |
|
2026-04-18 |
| high |
CVE-2026-6518 — The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbi… |
vulnerability |
nvd |
CVE-2026-6518 |
rce |
2026-04-18 |
| high |
CVE-2026-25917 — Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… |
vulnerability |
nvd |
CVE-2026-25917 |
|
2026-04-18 |
| high |
CVE-2026-30898 — An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… |
vulnerability |
nvd |
CVE-2026-30898 |
|
2026-04-18 |
| high |
CVE-2026-30912 — In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… |
vulnerability |
nvd |
CVE-2026-30912 |
|
2026-04-18 |
| high |
CVE-2026-32228 — UI / API User with asset materialize permission could trigger dags they had no access to. Users are… |
vulnerability |
nvd |
CVE-2026-32228 |
|
2026-04-18 |
| high |
CVE-2026-6560 — A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects… |
vulnerability |
nvd |
CVE-2026-6560 |
|
2026-04-19 |
| high |
CVE-2026-6562 — A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of… |
vulnerability |
nvd |
CVE-2026-6562 |
|
2026-04-19 |
| high |
CVE-2026-6563 — A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function S… |
vulnerability |
nvd |
CVE-2026-6563 |
|
2026-04-19 |
| high |
CVE-2026-6568 — A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.c… |
vulnerability |
nvd |
CVE-2026-6568 |
|
2026-04-19 |
| high |
CVE-2026-6569 — A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet… |
vulnerability |
nvd |
CVE-2026-6569 |
|
2026-04-19 |
| high |
CVE-2026-6574 — A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown pr… |
vulnerability |
nvd |
CVE-2026-6574 |
|
2026-04-19 |
| high |
CVE-2026-6577 — A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an… |
vulnerability |
nvd |
CVE-2026-6577 |
|
2026-04-19 |
| high |
CVE-2026-6580 — A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an… |
vulnerability |
nvd |
CVE-2026-6580 |
|
2026-04-19 |
| high |
CVE-2026-6581 — A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the fu… |
vulnerability |
nvd |
CVE-2026-6581 |
|
2026-04-19 |
| high |
CVE-2026-6582 — A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the fun… |
vulnerability |
nvd |
CVE-2026-6582 |
|
2026-04-19 |
| high |
CVE-2026-6594 — A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing… |
vulnerability |
nvd |
CVE-2026-6594 |
|
2026-04-20 |
| high |
CVE-2026-6595 — A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f8… |
vulnerability |
nvd |
CVE-2026-6595 |
|
2026-04-20 |
| high |
CVE-2026-6596 — A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the func… |
vulnerability |
nvd |
CVE-2026-6596 |
|
2026-04-20 |
| high |
CVE-2026-32955 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vu… |
vulnerability |
nvd |
CVE-2026-32955 |
|
2026-04-20 |
| high |
CVE-2026-32965 — Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manag… |
vulnerability |
nvd |
CVE-2026-32965 |
|
2026-04-20 |
| high |
CVE-2026-6602 — A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad… |
vulnerability |
nvd |
CVE-2026-6602 |
|
2026-04-20 |
| high |
CVE-2026-6603 — A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability… |
vulnerability |
nvd |
CVE-2026-6603 |
|
2026-04-20 |
| high |
CVE-2026-6604 — A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the… |
vulnerability |
nvd |
CVE-2026-6604 |
|
2026-04-20 |
| high |
CVE-2026-6605 — A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function… |
vulnerability |
nvd |
CVE-2026-6605 |
|
2026-04-20 |
| high |
CVE-2026-6606 — A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the… |
vulnerability |
nvd |
CVE-2026-6606 |
|
2026-04-20 |
| high |
CVE-2026-5966 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authen… |
vulnerability |
nvd |
CVE-2026-5966 |
ransomware |
2026-04-20 |
| high |
CVE-2026-6615 — A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue i… |
vulnerability |
nvd |
CVE-2026-6615 |
|
2026-04-20 |
| high |
CVE-2026-5967 — ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authentic… |
vulnerability |
nvd |
CVE-2026-5967 |
ransomware |
2026-04-20 |
| high |
CVE-2026-6621 — A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknow… |
vulnerability |
nvd |
CVE-2026-6621 |
|
2026-04-20 |
| high |
CVE-2026-6625 — A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulne… |
vulnerability |
nvd |
CVE-2026-6625 |
|
2026-04-20 |
| high |
CVE-2026-6629 — A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the… |
vulnerability |
nvd |
CVE-2026-6629 |
|
2026-04-20 |
| high |
CVE-2026-6630 — A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstD… |
vulnerability |
nvd |
CVE-2026-6630 |
|
2026-04-20 |
| high |
CVE-2026-6631 — A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExc… |
vulnerability |
nvd |
CVE-2026-6631 |
|
2026-04-20 |
| high |
CVE-2026-6632 — A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the functio… |
vulnerability |
nvd |
CVE-2026-6632 |
|
2026-04-20 |
| high |
CVE-2026-6635 — A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the fun… |
vulnerability |
nvd |
CVE-2026-6635 |
|
2026-04-20 |
| high |
CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an a… |
vulnerability |
nvd |
CVE-2026-3517, CVE-2026-3518, CVE-2026-3519 |
rce |
2026-04-20 |
| high |
CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an au… |
vulnerability |
nvd |
CVE-2026-4048 |
rce |
2026-04-20 |
| high |
CVE-2026-25058 — Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0… |
vulnerability |
nvd |
CVE-2026-25058, CVE-2026-25883 |
|
2026-04-20 |
| high |
CVE-2026-26944 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through… |
vulnerability |
nvd |
CVE-2026-26944, CVE-2026-24504, CVE-2026-24506, CVE-2026-26943, CVE-2026-26951 |
|
2026-04-20 |
| high |
CVE-2026-34427 — Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save… |
vulnerability |
nvd |
CVE-2026-34427 |
rce |
2026-04-20 |
| high |
CVE-2026-34428 — Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy actio… |
vulnerability |
nvd |
CVE-2026-34428 |
|
2026-04-20 |
| high |
CVE-2026-6066 — ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in th… |
vulnerability |
nvd |
CVE-2026-6066 |
|
2026-04-20 |
| high |
CVE-2026-24505 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera… |
vulnerability |
nvd |
CVE-2026-24505 |
|
2026-04-20 |
| high |
CVE-2026-25524 — Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative t… |
vulnerability |
nvd |
CVE-2026-25524, CVE-2026-25525, CVE-2026-40098, CVE-2026-40488 |
|
2026-04-20 |
| high |
CVE-2026-30266 — Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attack… |
vulnerability |
nvd |
CVE-2026-30266 |
|
2026-04-20 |
| high |
CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc()… |
vulnerability |
nvd |
CVE-2026-41445 |
|
2026-04-20 |
| high |
CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function… |
vulnerability |
nvd |
CVE-2026-6662 |
|
2026-04-20 |
| high |
CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and… |
vulnerability |
nvd |
CVE-2026-6248 |
rce |
2026-04-20 |
| high |
CVE-2026-29645 — NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its… |
vulnerability |
nvd |
CVE-2026-29645 |
|
2026-04-20 |
| high |
CVE-2026-5478 — The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all vers… |
vulnerability |
nvd |
CVE-2026-5478 |
|
2026-04-20 |
| high |
CVE-2026-6249 — Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allo… |
vulnerability |
nvd |
CVE-2026-6249 |
rce |
2026-04-20 |
| high |
CVE-2026-29642 — A local attacker who can execute privileged CSR operations (or can induce firmware to do so) perform… |
vulnerability |
nvd |
CVE-2026-29642 |
|
2026-04-20 |
| high |
CVE-2026-29648 — In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restr… |
vulnerability |
nvd |
CVE-2026-29648 |
|
2026-04-20 |
| high |
CVE-2026-33626 — LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior… |
vulnerability |
nvd |
CVE-2026-33626 |
|
2026-04-20 |
| high |
CVE-2026-5928 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h… |
vulnerability |
nvd |
CVE-2026-5928 |
|
2026-04-20 |
| high |
CVE-2026-29643 — XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21… |
vulnerability |
nvd |
CVE-2026-29643, CVE-2026-29644 |
botnet |
2026-04-20 |
| high |
CVE-2026-35570 — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers… |
vulnerability |
nvd |
CVE-2026-35570 |
|
2026-04-21 |
| high |
CVE-2026-41294 — OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir con… |
vulnerability |
nvd |
CVE-2026-41294 |
|
2026-04-21 |
| high |
CVE-2026-41295 — OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted worksp… |
vulnerability |
nvd |
CVE-2026-41295 |
|
2026-04-21 |
| high |
CVE-2026-41296 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesyst… |
vulnerability |
nvd |
CVE-2026-41296 |
|
2026-04-21 |
| high |
CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace pl… |
vulnerability |
nvd |
CVE-2026-41297, CVE-2026-41302 |
|
2026-04-21 |
| high |
CVE-2026-41299 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway me… |
vulnerability |
nvd |
CVE-2026-41299 |
|
2026-04-21 |
| high |
CVE-2026-41303 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval co… |
vulnerability |
nvd |
CVE-2026-41303 |
|
2026-04-21 |
| high |
CVE-2026-39320 — Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25… |
vulnerability |
nvd |
CVE-2026-39320 |
|
2026-04-21 |
| high |
CVE-2026-39386 — Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 throug… |
vulnerability |
nvd |
CVE-2026-39386 |
|
2026-04-21 |
| high |
CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra… |
vulnerability |
nvd |
CVE-2026-39973 |
rce |
2026-04-21 |
| high |
CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's… |
vulnerability |
nvd |
CVE-2026-40497, CVE-2026-40565 |
|
2026-04-21 |
| high |
CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may… |
vulnerability |
nvd |
CVE-2026-31368 |
|
2026-04-21 |
| high |
CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows… |
vulnerability |
nvd |
CVE-2026-39467 |
|
2026-04-21 |
| high |
CVE-2026-40520 — FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat… |
vulnerability |
nvd |
CVE-2026-40520 |
|
2026-04-21 |
| high |
CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef… |
vulnerability |
nvd |
CVE-2026-6746 |
|
2026-04-21 |
| high |
CVE-2026-6747 — Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140… |
vulnerability |
nvd |
CVE-2026-6747 |
|
2026-04-21 |
| high |
CVE-2026-6749 — Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnera… |
vulnerability |
nvd |
CVE-2026-6749 |
|
2026-04-21 |
| high |
CVE-2026-6750 — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1… |
vulnerability |
nvd |
CVE-2026-6750 |
|
2026-04-21 |
| high |
CVE-2026-6752 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150,… |
vulnerability |
nvd |
CVE-2026-6752, CVE-2026-6753 |
|
2026-04-21 |
| high |
CVE-2026-6754 — Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire… |
vulnerability |
nvd |
CVE-2026-6754 |
|
2026-04-21 |
| high |
CVE-2026-6758 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150… |
vulnerability |
nvd |
CVE-2026-6758 |
|
2026-04-21 |
| high |
CVE-2026-6759 — Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox… |
vulnerability |
nvd |
CVE-2026-6759 |
|
2026-04-21 |
| high |
CVE-2026-6761 — Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firef… |
vulnerability |
nvd |
CVE-2026-6761 |
|
2026-04-21 |
| high |
CVE-2026-6766 — Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir… |
vulnerability |
nvd |
CVE-2026-6766, CVE-2026-6772 |
|
2026-04-21 |
| high |
CVE-2026-6769 — Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox… |
vulnerability |
nvd |
CVE-2026-6769 |
|
2026-04-21 |
| high |
CVE-2026-6773 — Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was… |
vulnerability |
nvd |
CVE-2026-6773 |
|
2026-04-21 |
| high |
CVE-2026-6776 — Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F… |
vulnerability |
nvd |
CVE-2026-6776 |
|
2026-04-21 |
| high |
CVE-2026-6780 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15… |
vulnerability |
nvd |
CVE-2026-6780, CVE-2026-6781 |
ransomware |
2026-04-21 |
| high |
CVE-2026-6782 — Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 a… |
vulnerability |
nvd |
CVE-2026-6782 |
|
2026-04-21 |
| high |
CVE-2026-6784 — Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of… |
vulnerability |
nvd |
CVE-2026-6784 |
|
2026-04-21 |
| high |
CVE-2025-14362 — The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if th… |
vulnerability |
nvd |
CVE-2025-14362, CVE-2026-0972 |
|
2026-04-21 |
| high |
CVE-2026-31018 — In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Websit… |
vulnerability |
nvd |
CVE-2026-31018 |
|
2026-04-21 |
| high |
CVE-2026-31019 — In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based f… |
vulnerability |
nvd |
CVE-2026-31019 |
rce |
2026-04-21 |
| high |
CVE-2026-37748 — Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm… |
vulnerability |
nvd |
CVE-2026-37748 |
rce |
2026-04-21 |
| high |
CVE-2026-24177 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a… |
vulnerability |
nvd |
CVE-2026-24177 |
|
2026-04-21 |
| high |
CVE-2026-24189 — NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause… |
vulnerability |
nvd |
CVE-2026-24189 |
|
2026-04-21 |
| high |
CVE-2026-38834 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac… |
vulnerability |
nvd |
CVE-2026-38834 |
|
2026-04-21 |
| high |
CVE-2026-40161 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.… |
vulnerability |
nvd |
CVE-2026-40161, CVE-2026-40938 |
|
2026-04-21 |
| high |
CVE-2026-40568 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store… |
vulnerability |
nvd |
CVE-2026-40568 |
phishing |
2026-04-21 |
| high |
CVE-2026-40585 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini… |
vulnerability |
nvd |
CVE-2026-40585 |
|
2026-04-21 |
| high |
CVE-2026-40586 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo… |
vulnerability |
nvd |
CVE-2026-40586 |
|
2026-04-21 |
| high |
CVE-2026-40589 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil… |
vulnerability |
nvd |
CVE-2026-40589 |
|
2026-04-21 |
| high |
CVE-2026-40591 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co… |
vulnerability |
nvd |
CVE-2026-40591 |
|
2026-04-21 |
| high |
CVE-2026-41189 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr… |
vulnerability |
nvd |
CVE-2026-41189 |
|
2026-04-21 |
| high |
CVE-2026-41190 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH… |
vulnerability |
nvd |
CVE-2026-41190 |
|
2026-04-21 |
| high |
CVE-2026-41191 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo… |
vulnerability |
nvd |
CVE-2026-41191 |
|
2026-04-21 |
| high |
CVE-2026-40588 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at… |
vulnerability |
nvd |
CVE-2026-40588 |
|
2026-04-21 |
| high |
CVE-2026-40611 — Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha… |
vulnerability |
nvd |
CVE-2026-40611 |
|
2026-04-21 |
| high |
CVE-2026-41192 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an… |
vulnerability |
nvd |
CVE-2026-41192 |
ransomware |
2026-04-21 |
| high |
CVE-2026-40613 — Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN… |
vulnerability |
nvd |
CVE-2026-40613 |
|
2026-04-21 |
| high |
CVE-2026-40868 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky… |
vulnerability |
nvd |
CVE-2026-40868 |
|
2026-04-21 |
| high |
CVE-2026-40869 — Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3… |
vulnerability |
nvd |
CVE-2026-40869 |
|
2026-04-21 |
| high |
CVE-2026-40870 — Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30… |
vulnerability |
nvd |
CVE-2026-40870 |
|
2026-04-21 |
| high |
CVE-2026-40871 — mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-… |
vulnerability |
nvd |
CVE-2026-40871 |
|
2026-04-21 |
| high |
CVE-2026-40879 — Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a… |
vulnerability |
nvd |
CVE-2026-40879 |
|
2026-04-21 |
| high |
CVE-2026-40890 — The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering… |
vulnerability |
nvd |
CVE-2026-40890 |
|
2026-04-21 |
| high |
CVE-2026-40909 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (… |
vulnerability |
nvd |
CVE-2026-40909 |
botnet, rce |
2026-04-21 |
| high |
CVE-2026-6819 — HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i… |
vulnerability |
nvd |
CVE-2026-6819 |
|
2026-04-21 |
| high |
CVE-2026-21997 — Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application… |
vulnerability |
nvd |
CVE-2026-21997 |
|
2026-04-21 |
| high |
CVE-2026-22007 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ… |
vulnerability |
nvd |
CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268, CVE-2026-34282 |
|
2026-04-21 |
| high |
CVE-2026-22010 — Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora… |
vulnerability |
nvd |
CVE-2026-22010, CVE-2026-34310, CVE-2026-34313, CVE-2026-34314, CVE-2026-34321, CVE-2026-34325 |
|
2026-04-21 |
| high |
CVE-2026-22011 — Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)… |
vulnerability |
nvd |
CVE-2026-22011 |
|
2026-04-21 |
| high |
CVE-2026-34291 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Suppo… |
vulnerability |
nvd |
CVE-2026-34291 |
|
2026-04-21 |
| high |
CVE-2026-34292 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S… |
vulnerability |
nvd |
CVE-2026-34292 |
|
2026-04-21 |
| high |
CVE-2026-34297 — Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K… |
vulnerability |
nvd |
CVE-2026-34297 |
|
2026-04-21 |
| high |
CVE-2026-34305 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv… |
vulnerability |
nvd |
CVE-2026-34305, CVE-2026-34315 |
|
2026-04-21 |
| high |
CVE-2026-34309 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu… |
vulnerability |
nvd |
CVE-2026-34309 |
|
2026-04-21 |
| high |
CVE-2026-34320 — Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic… |
vulnerability |
nvd |
CVE-2026-34320 |
|
2026-04-21 |
| high |
CVE-2026-35229 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect… |
vulnerability |
nvd |
CVE-2026-35229 |
|
2026-04-21 |
| high |
CVE-2026-35230 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su… |
vulnerability |
nvd |
CVE-2026-35230, CVE-2026-35242, CVE-2026-35245, CVE-2026-35246, CVE-2026-35247, CVE-2026-35248, CVE-2026-35249, CVE-2026-35250, CVE-2026-35251 |
|
2026-04-21 |
| high |
CVE-2026-35231 — Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser… |
vulnerability |
nvd |
CVE-2026-35231 |
|
2026-04-21 |
| high |
CVE-2026-35243 — Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew… |
vulnerability |
nvd |
CVE-2026-35243 |
|
2026-04-21 |
| high |
CVE-2026-40905 — LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin… |
vulnerability |
nvd |
CVE-2026-40905 |
|
2026-04-21 |
| high |
CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda… |
vulnerability |
nvd |
CVE-2026-40925 |
|
2026-04-21 |
| high |
CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil… |
vulnerability |
nvd |
CVE-2026-6823 |
|
2026-04-21 |
| high |
CVE-2026-40706 — In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix… |
vulnerability |
nvd |
CVE-2026-40706 |
|
2026-04-21 |
| high |
CVE-2026-40931 — Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo… |
vulnerability |
nvd |
CVE-2026-40931 |
|
2026-04-21 |
| high |
CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t… |
vulnerability |
nvd |
CVE-2026-6832 |
|
2026-04-21 |
| high |
CVE-2026-40926 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp… |
vulnerability |
nvd |
CVE-2026-40926 |
|
2026-04-21 |
| high |
CVE-2026-41055 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in… |
vulnerability |
nvd |
CVE-2026-41055 |
|
2026-04-21 |
| high |
CVE-2026-41056 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll… |
vulnerability |
nvd |
CVE-2026-41056 |
|
2026-04-21 |
| high |
CVE-2026-41057 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation… |
vulnerability |
nvd |
CVE-2026-41057 |
botnet |
2026-04-21 |
| high |
CVE-2026-41058 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi… |
vulnerability |
nvd |
CVE-2026-41058 |
botnet |
2026-04-21 |
| high |
CVE-2026-41060 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func… |
vulnerability |
nvd |
CVE-2026-41060 |
|
2026-04-21 |
| high |
CVE-2026-41133 — pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.… |
vulnerability |
nvd |
CVE-2026-41133 |
|
2026-04-22 |
| high |
CVE-2026-41135 — free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th gene… |
vulnerability |
nvd |
CVE-2026-41135 |
|
2026-04-22 |
| high |
CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P… |
vulnerability |
nvd |
CVE-2026-22753 |
|
2026-04-22 |
| high |
CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/se… |
vulnerability |
nvd |
CVE-2026-22754 |
|
2026-04-22 |
| high |
CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou… |
vulnerability |
nvd |
CVE-2026-6022 |
|
2026-04-22 |
| high |
CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is… |
vulnerability |
nvd |
CVE-2026-6023 |
rce |
2026-04-22 |
| high |
CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading… |
vulnerability |
nvd |
CVE-2026-4132 |
rce |
2026-04-22 |
| high |
CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall… |
vulnerability |
nvd |
CVE-2026-6846 |
|
2026-04-22 |
| high |
CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th… |
vulnerability |
nvd |
CVE-2026-6855 |
|
2026-04-22 |
| high |
CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot… |
vulnerability |
nvd |
CVE-2026-6857 |
|
2026-04-22 |
| high |
CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi… |
vulnerability |
nvd |
CVE-2026-31450 |
botnet |
2026-04-22 |
| high |
CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co… |
vulnerability |
nvd |
CVE-2026-31456 |
botnet |
2026-04-22 |
| high |
CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem… |
vulnerability |
nvd |
CVE-2026-31479 |
botnet |
2026-04-22 |
| high |
CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d… |
vulnerability |
nvd |
CVE-2026-31510 |
botnet |
2026-04-22 |
| high |
CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query. |
vulnerability |
nvd |
CVE-2026-33593 |
|
2026-04-22 |
| high |
CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac… |
vulnerability |
nvd |
CVE-2026-33608 |
|
2026-04-22 |
| high |
CVE-2026-41651 — PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way us… |
vulnerability |
nvd |
CVE-2026-41651 |
|
2026-04-22 |
| high |
CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when… |
vulnerability |
nvd |
CVE-2026-6859 |
|
2026-04-22 |
| high |
PowMix botnet targets Czech workforce |
advisory |
vendor-blogs |
|
botnet |
2026-04-16 |
| high |
Darktrace identifies ZionSiphon malware engineered for OT disruption in Israeli water sector environments |
advisory |
vendor-blogs |
|
ics |
2026-04-21 |
| high |
CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan |
advisory |
vendor-blogs |
|
supply-chain |
2026-04-21 |
| high |
HSCC warns AI-driven supply chains are outpacing healthcare cybersecurity defenses and oversight models |
advisory |
vendor-blogs |
|
supply-chain |
2026-04-20 |
| high |
967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c |
malware |
malware-bazaar |
967486f372064f8e…, 177cb7e200e19e8a… |
83-142-209-204, exe |
2026-04-22 |
| high |
3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d.ps1 |
malware |
malware-bazaar |
3e65e72b82055d68…, 51d9788d36bd5197… |
83-142-209-204, ps1 |
2026-04-22 |
| high |
286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885.ps1 |
malware |
malware-bazaar |
286640beb0eae835…, 83c0c504b4d2ca6d… |
83-142-209-204, ps1, botnet |
2026-04-22 |
| high |
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747.zip |
malware |
malware-bazaar |
1feea0fb9e74f08c…, d22d0f4b9e9f1c86… |
83-142-209-204, stego, zip, botnet |
2026-04-22 |
| high |
update.ps1 |
malware |
malware-bazaar |
b95f31100a5e8a33…, 4ea1d81fa5a11e17… |
107-173-143-107, ps1 |
2026-04-22 |
| high |
archive0331.zip |
malware |
malware-bazaar |
44671d56654521eb…, 1d23a84bbde85808… |
lauderdale-dollar-mar-forgot-trycloudflare-com, zip |
2026-04-22 |
| high |
Order List.js |
malware |
malware-bazaar |
8c4758e6736950e0…, 3adeb1a915fa0151… |
107-173-143-107, js |
2026-04-22 |
| high |
69f215a8744582fdd7f1643be8fd8587cd6edb18834de.exe |
malware |
malware-bazaar |
69f215a8744582fd…, 73d0fe59ff15619d… |
exe, RAT, ValleyRAT |
2026-04-22 |
| high |
1aa21baefecada61d25cf01cd1eb681b.exe |
malware |
malware-bazaar |
f64ccc637b29a400…, 1aa21baefecada61… |
exe, RedLineStealer, infostealer |
2026-04-22 |
| high |
最新版收菜软件【内部版】.exe |
malware |
malware-bazaar |
26d67030c87fe261…, 9c256ee0d49b6d3d… |
exe, XRed, XRedRAT |
2026-04-22 |
| high |
商家版.exe |
malware |
malware-bazaar |
16f75af75110e7a9…, cb2d702aeb37410e… |
exe, XRed, XRedRAT |
2026-04-22 |
| high |
inst.880233900b.exe |
malware |
malware-bazaar |
6326aadda1ea3106…, f5836b923aa05cfc… |
exe, SilverFox, Trojan/SilverFox.bm[lddel], ValleyRAT |
2026-04-22 |
| high |
Chormex33.exe |
malware |
malware-bazaar |
2cae0bd8e9fc6d05…, 35956895c3e0e955… |
exe, SilverFox, ValleyRAT |
2026-04-22 |
| high |
ps.ps1 |
malware |
malware-bazaar |
5c11f39ef919cbe0…, cc60ac8abcd3a80e… |
booking, lkgkdsjd-com, ps1, pulse-srvc-com |
2026-04-22 |
| high |
21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935.html |
malware |
malware-bazaar |
21c07c68a32d37b4…, 338bbb92eac94516… |
booking, html, lkgkdsjd-com, pulse-srvc-com |
2026-04-22 |
| high |
addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98.dll |
malware |
malware-bazaar |
addae6c82dd407f5…, 5b6ec12d8988d81a… |
exe, invalid-signature |
2026-04-22 |
| high |
buffer.zip |
malware |
malware-bazaar |
6b829c2e656f8129…, 3e02a9db64f30f77… |
booking, HijackLoader, lkgkdsjd-com, pulse-srvc-com, shadowladder, zip |
2026-04-22 |
| high |
Same packet, different magic: Hits India's banking sector and Korea geopolitics |
threat-intel |
otx |
172.81.60.97 | cc0ff7e25ea68617…, 5abac6560eeb77f7… |
espionage, chm files, backdoor, south korea diplomacy, lotuslite, dll sideloading, india banking, javascript loader, botnet |
2026-04-22 |
| high |
Mach-O Man Malware: What CISOs Need to Know |
threat-intel |
otx |
172.86.113.102 | a73ce18952b40fd6… |
mach-o man, browser stealing, pylangghostrat, social engineering, macos, mach-o binaries, telegram exfiltration, credential theft, clickfix, fintech targeting, apt, phishing |
2026-04-22 |
| high |
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories |
threat-intel |
otx |
166.88.4.2, 85.239.62.36, 23.27.20.143, 23.27.202.27, 23.27.120.142, 154.91.0.196, 198.105.127.210, 83.168.68.219 | 834a92277f1bd82d…, a12957e7627cb19f… |
dev#popper rat, omnistealer, git history tampering, vs code exploitation, worm propagation, supply chain attack, fake job interview, blockchain infrastructure, invisibleferret, repository poisoning, north korea, developer targeting, beavertail, ottercookie, supply-chain |
2026-04-21 |
| high |
The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy |
threat-intel |
otx |
fe1033335a045c69…, c9d004384de06bbc… |
cobalt-strike, domain-compromise, the gentlemen, psexec, systembc, esxi-encryption, lateral-movement, cobalt strike, anydesk, ransomware-as-a-service, mimikatz, group-policy-deployment, ransomware, botnet |
2026-04-20 |
| high |
Iranian APT Seedworm Targets Global Organizations via Microsoft Teams |
threat-intel |
otx |
ddf75e118db8a561…, f8560b9a893eeb21… |
muddywater infrastructure, in-memory execution, seedworm, microsoft teams, dindoor, social engineering, dindoor backdoor, iran apt, deno runtime, dinodance, apt, phishing, botnet |
2026-04-17 |
| high |
An Overview of The Gentlemen's TTPs |
threat-intel |
otx |
CVE-2023-27532, CVE-2024-37085, CVE-2024-55591, CVE-2025-32463 | 2834114ff7e487c4…, efd5366eb7473d6f… |
vasa locker, medusa, cve-2024-37085, raas, fortios, data-exfiltration, cve-2025-32463, lockbit 5.0, defense-evasion, babyk, ransomware, cve-2024-55591, the gentlemen, cve-2023-27532, babuk, exploit, lateral-movement, qilin, credential-theft |
2026-03-20 |
| high |
Takes Aim at the Ransomware Throne |
threat-intel |
otx |
d68ce82e82801cd4… |
aes encryption, blackbasta affiliates, edr evasion, blackbasta, spam bombing, direct system calls, payouts king, quick assist, microsoft teams, cactus, rsa encryption, ransomware, phishing |
2026-04-17 |
| high |
Dissecting macOS intrusion from lure to compromise |
threat-intel |
otx |
83.136.209.22, 188.227.196.252, 104.145.210.107, 83.136.208.246, 83.136.208.48, 83.136.210.180 | a05400000843fbad… |
social engineering, north korea, systemupdate.app, tcc bypass, com.google.chromes.updaters, applescript, services, softwareupdate.app, cryptocurrency theft, com.apple.cli, macos, sapphire sleet, credential harvesting, icloudz, phishing |
2026-04-17 |
| high |
The n8n n8mare: How threat actors are misusing AI workflow automation |
threat-intel |
otx |
93a09e54e607930d…, 629ce6eb0387a8f7… |
datto rmm, phishing campaign, n8n, webhook abuse, lucidrook, phishing |
2026-04-15 |
| high |
New npm supply-chain attack self-spreads to steal auth tokens |
news |
general-news |
|
supply-chain |
2026-04-22 |
| high |
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems |
news |
general-news |
|
ics |
2026-04-20 |
| high |
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic |
news |
general-news |
|
botnet |
2026-04-16 |
| high |
Navigating the Unique Security Risks of Asia's Digital Supply Chain |
news |
general-news |
|
supply-chain |
2026-04-15 |
| high |
Mirai Botnet Targets Flaw in Discontinued D-Link Routers |
news |
general-news |
|
botnet |
2026-04-22 |
| high |
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data |
news |
general-news |
|
supply-chain |
2026-04-22 |
| high |
ZionSiphon Malware Targets Water Infrastructure Systems |
news |
general-news |
|
ics |
2026-04-20 |
| high |
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet |
news |
general-news |
|
botnet |
2026-04-20 |
| high |
Why the Axios attack proves AI is mandatory for supply chain security |
news |
general-news |
|
supply-chain |
2026-04-20 |
| medium |
CVE-2025-15470 — The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient p… |
vulnerability |
nvd |
CVE-2025-15470 |
|
2026-04-15 |
| medium |
CVE-2026-1314 — The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is… |
vulnerability |
nvd |
CVE-2026-1314 |
|
2026-04-15 |
| medium |
CVE-2026-1509 — The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Executio… |
vulnerability |
nvd |
CVE-2026-1509 |
|
2026-04-15 |
| medium |
CVE-2026-1541 — The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in a… |
vulnerability |
nvd |
CVE-2026-1541 |
|
2026-04-15 |
| medium |
CVE-2026-2396 — The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-2396 |
|
2026-04-15 |
| medium |
CVE-2026-39963 — Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCook… |
vulnerability |
nvd |
CVE-2026-39963 |
|
2026-04-15 |
| medium |
CVE-2026-39984 — Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below… |
vulnerability |
nvd |
CVE-2026-39984 |
transport |
2026-04-15 |
| medium |
CVE-2026-40091 — SpiceDB is an open source database system for creating and managing security-critical application pe… |
vulnerability |
nvd |
CVE-2026-40091 |
|
2026-04-15 |
| medium |
CVE-2026-40096 — immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.… |
vulnerability |
nvd |
CVE-2026-40096 |
phishing |
2026-04-15 |
| medium |
CVE-2026-4812 — The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbi… |
vulnerability |
nvd |
CVE-2026-4812 |
|
2026-04-15 |
| medium |
CVE-2026-5160 — Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross… |
vulnerability |
nvd |
CVE-2026-5160 |
|
2026-04-15 |
| medium |
CVE-2026-6293 — The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery… |
vulnerability |
nvd |
CVE-2026-6293 |
|
2026-04-15 |
| medium |
CVE-2026-1782 — The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up t… |
vulnerability |
nvd |
CVE-2026-1782 |
|
2026-04-15 |
| medium |
CVE-2026-3642 — The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions… |
vulnerability |
nvd |
CVE-2026-3642 |
ransomware |
2026-04-15 |
| medium |
CVE-2026-3649 — The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versio… |
vulnerability |
nvd |
CVE-2026-3649 |
|
2026-04-15 |
| medium |
CVE-2026-3659 — The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shor… |
vulnerability |
nvd |
CVE-2026-3659 |
|
2026-04-15 |
| medium |
CVE-2026-3998 — The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shor… |
vulnerability |
nvd |
CVE-2026-3998 |
|
2026-04-15 |
| medium |
CVE-2026-4002 — The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… |
vulnerability |
nvd |
CVE-2026-4002 |
|
2026-04-15 |
| medium |
CVE-2026-4005 — The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'u… |
vulnerability |
nvd |
CVE-2026-4005 |
|
2026-04-15 |
| medium |
CVE-2026-4011 — The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'… |
vulnerability |
nvd |
CVE-2026-4011 |
|
2026-04-15 |
| medium |
CVE-2026-4091 — The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t… |
vulnerability |
nvd |
CVE-2026-4091 |
|
2026-04-15 |
| medium |
CVE-2026-5717 — The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c… |
vulnerability |
nvd |
CVE-2026-5717 |
|
2026-04-15 |
| medium |
CVE-2026-28741 — Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail t… |
vulnerability |
nvd |
CVE-2026-28741, CVE-2026-3590 |
|
2026-04-15 |
| medium |
CVE-2026-40728 — Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting In… |
vulnerability |
nvd |
CVE-2026-40728 |
|
2026-04-15 |
| medium |
CVE-2026-40729 — Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploit… |
vulnerability |
nvd |
CVE-2026-40729 |
|
2026-04-15 |
| medium |
CVE-2026-40730 — Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer… |
vulnerability |
nvd |
CVE-2026-40730 |
|
2026-04-15 |
| medium |
CVE-2026-40734 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i… |
vulnerability |
nvd |
CVE-2026-40734, CVE-2025-15636, CVE-2026-6370 |
|
2026-04-15 |
| medium |
CVE-2026-40737 — Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare… |
vulnerability |
nvd |
CVE-2026-40737 |
|
2026-04-15 |
| medium |
CVE-2026-40740 — Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configu… |
vulnerability |
nvd |
CVE-2026-40740 |
|
2026-04-15 |
| medium |
CVE-2026-40742 — Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Explo… |
vulnerability |
nvd |
CVE-2026-40742 |
|
2026-04-15 |
| medium |
CVE-2026-40763 — Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows… |
vulnerability |
nvd |
CVE-2026-40763 |
ransomware |
2026-04-15 |
| medium |
CVE-2026-40778 — Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exp… |
vulnerability |
nvd |
CVE-2026-40778 |
|
2026-04-15 |
| medium |
CVE-2026-40786 — Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Inco… |
vulnerability |
nvd |
CVE-2026-40786 |
|
2026-04-15 |
| medium |
CVE-2026-1852 — The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forge… |
vulnerability |
nvd |
CVE-2026-1852 |
|
2026-04-15 |
| medium |
CVE-2026-1636 — A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain co… |
vulnerability |
nvd |
CVE-2026-1636 |
|
2026-04-15 |
| medium |
CVE-2026-25219 — The `access_key` and `connection_string` connection properties were not marked as sensitive names in… |
vulnerability |
nvd |
CVE-2026-25219 |
|
2026-04-15 |
| medium |
CVE-2025-12141 — In Grafana's alerting system, users with edit permissions for a contact point, specifically the perm… |
vulnerability |
nvd |
CVE-2025-12141 |
|
2026-04-15 |
| medium |
CVE-2025-53444 — Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Fo… |
vulnerability |
nvd |
CVE-2025-53444 |
|
2026-04-15 |
| medium |
CVE-2026-20202 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve… |
vulnerability |
nvd |
CVE-2026-20202, CVE-2026-20203 |
|
2026-04-15 |
| medium |
CVE-2025-15635 — Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cros… |
vulnerability |
nvd |
CVE-2025-15635 |
|
2026-04-15 |
| medium |
CVE-2026-20059 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unaut… |
vulnerability |
nvd |
CVE-2026-20059, CVE-2026-20060 |
|
2026-04-15 |
| medium |
CVE-2026-20061 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authe… |
vulnerability |
nvd |
CVE-2026-20061 |
|
2026-04-15 |
| medium |
CVE-2026-20078 — Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker… |
vulnerability |
nvd |
CVE-2026-20078, CVE-2026-20081 |
|
2026-04-15 |
| medium |
CVE-2026-20132 — Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS… |
vulnerability |
nvd |
CVE-2026-20132 |
|
2026-04-15 |
| medium |
CVE-2026-20136 — A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identi… |
vulnerability |
nvd |
CVE-2026-20136 |
|
2026-04-15 |
| medium |
CVE-2026-20148 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perf… |
vulnerability |
nvd |
CVE-2026-20148 |
|
2026-04-15 |
| medium |
CVE-2026-20152 — A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web… |
vulnerability |
nvd |
CVE-2026-20152 |
|
2026-04-15 |
| medium |
CVE-2026-20161 — A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, loca… |
vulnerability |
nvd |
CVE-2026-20161 |
|
2026-04-15 |
| medium |
CVE-2026-20170 — A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed… |
vulnerability |
nvd |
CVE-2026-20170 |
|
2026-04-15 |
| medium |
CVE-2026-33214 — Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API expo… |
vulnerability |
nvd |
CVE-2026-33214, CVE-2026-33220 |
|
2026-04-15 |
| medium |
CVE-2026-5758 — JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0… |
vulnerability |
nvd |
CVE-2026-5758 |
rce |
2026-04-15 |
| medium |
CVE-2026-33440 — Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setti… |
vulnerability |
nvd |
CVE-2026-33440 |
|
2026-04-15 |
| medium |
CVE-2026-34244 — Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit pe… |
vulnerability |
nvd |
CVE-2026-34244 |
|
2026-04-15 |
| medium |
CVE-2026-39845 — Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not util… |
vulnerability |
nvd |
CVE-2026-39845 |
|
2026-04-15 |
| medium |
CVE-2026-40256 — Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation… |
vulnerability |
nvd |
CVE-2026-40256 |
|
2026-04-15 |
| medium |
CVE-2026-6245 — A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() fu… |
vulnerability |
nvd |
CVE-2026-6245 |
|
2026-04-15 |
| medium |
CVE-2026-6383 — A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization… |
vulnerability |
nvd |
CVE-2026-6383 |
|
2026-04-15 |
| medium |
CVE-2026-21726 — The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single… |
vulnerability |
nvd |
CVE-2026-21726 |
|
2026-04-15 |
| medium |
CVE-2026-40915 — A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the F… |
vulnerability |
nvd |
CVE-2026-40915 |
|
2026-04-15 |
| medium |
CVE-2026-40916 — A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decod… |
vulnerability |
nvd |
CVE-2026-40916 |
|
2026-04-15 |
| medium |
CVE-2026-40917 — A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function… |
vulnerability |
nvd |
CVE-2026-40917 |
|
2026-04-15 |
| medium |
CVE-2026-40918 — A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can le… |
vulnerability |
nvd |
CVE-2026-40918 |
|
2026-04-15 |
| medium |
CVE-2026-40919 — A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plug… |
vulnerability |
nvd |
CVE-2026-40919 |
|
2026-04-15 |
| medium |
CVE-2026-6298 — Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to o… |
vulnerability |
nvd |
CVE-2026-6298 |
|
2026-04-15 |
| medium |
CVE-2026-6362 — Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to poten… |
vulnerability |
nvd |
CVE-2026-6362 |
|
2026-04-15 |
| medium |
CVE-2026-6364 — Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obt… |
vulnerability |
nvd |
CVE-2026-6364 |
|
2026-04-15 |
| medium |
CVE-2026-6385 — A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specia… |
vulnerability |
nvd |
CVE-2026-6385 |
|
2026-04-15 |
| medium |
CVE-2026-40186 — ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit… |
vulnerability |
nvd |
CVE-2026-40186 |
|
2026-04-15 |
| medium |
CVE-2026-40500 — ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the… |
vulnerability |
nvd |
CVE-2026-40500 |
|
2026-04-15 |
| medium |
CVE-2026-39350 — Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1… |
vulnerability |
nvd |
CVE-2026-39350 |
|
2026-04-15 |
| medium |
CVE-2026-4949 — The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C… |
vulnerability |
nvd |
CVE-2026-4949 |
|
2026-04-15 |
| medium |
CVE-2026-40503 — OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gatew… |
vulnerability |
nvd |
CVE-2026-40503 |
|
2026-04-16 |
| medium |
CVE-2026-3299 — The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… |
vulnerability |
nvd |
CVE-2026-3299 |
|
2026-04-16 |
| medium |
CVE-2026-40962 — FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encrypt… |
vulnerability |
nvd |
CVE-2026-40962 |
|
2026-04-16 |
| medium |
CVE-2026-3885 — The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si… |
vulnerability |
nvd |
CVE-2026-3885 |
|
2026-04-16 |
| medium |
CVE-2026-3878 — The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_option… |
vulnerability |
nvd |
CVE-2026-3878 |
|
2026-04-16 |
| medium |
CVE-2026-4032 — The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' pa… |
vulnerability |
nvd |
CVE-2026-4032 |
|
2026-04-16 |
| medium |
CVE-2026-5070 — The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text… |
vulnerability |
nvd |
CVE-2026-5070 |
|
2026-04-16 |
| medium |
CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po… |
vulnerability |
nvd |
CVE-2026-22615 |
|
2026-04-16 |
| medium |
CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the… |
vulnerability |
nvd |
CVE-2026-22616 |
|
2026-04-16 |
| medium |
CVE-2026-22617 — Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n… |
vulnerability |
nvd |
CVE-2026-22617 |
|
2026-04-16 |
| medium |
CVE-2026-22618 — A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP… |
vulnerability |
nvd |
CVE-2026-22618 |
|
2026-04-16 |
| medium |
CVE-2026-3551 — The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting v… |
vulnerability |
nvd |
CVE-2026-3551 |
|
2026-04-16 |
| medium |
CVE-2026-3581 — The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versi… |
vulnerability |
nvd |
CVE-2026-3581 |
|
2026-04-16 |
| medium |
CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versi… |
vulnerability |
nvd |
CVE-2026-3595 |
|
2026-04-16 |
| medium |
CVE-2026-3773 — The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the… |
vulnerability |
nvd |
CVE-2026-3773 |
|
2026-04-16 |
| medium |
CVE-2025-13364 — The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for… |
vulnerability |
nvd |
CVE-2025-13364 |
|
2026-04-16 |
| medium |
CVE-2026-1572 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of… |
vulnerability |
nvd |
CVE-2026-1572 |
|
2026-04-16 |
| medium |
CVE-2026-3355 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri… |
vulnerability |
nvd |
CVE-2026-3355 |
|
2026-04-16 |
| medium |
CVE-2026-3861 — LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where op… |
vulnerability |
nvd |
CVE-2026-3861 |
|
2026-04-16 |
| medium |
CVE-2026-3875 — The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs… |
vulnerability |
nvd |
CVE-2026-3875 |
|
2026-04-16 |
| medium |
CVE-2026-3995 — The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' s… |
vulnerability |
nvd |
CVE-2026-3995 |
|
2026-04-16 |
| medium |
CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on… |
vulnerability |
nvd |
CVE-2026-41030 |
|
2026-04-16 |
| medium |
CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conver… |
vulnerability |
nvd |
CVE-2026-41034 |
|
2026-04-16 |
| medium |
CVE-2026-0718 — The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu… |
vulnerability |
nvd |
CVE-2026-0718 |
|
2026-04-16 |
| medium |
CVE-2025-6024 — The authentication endpoint fails to encode user-supplied input before rendering it in the web page,… |
vulnerability |
nvd |
CVE-2025-6024 |
|
2026-04-16 |
| medium |
CVE-2025-12624 — Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identi… |
vulnerability |
nvd |
CVE-2025-12624 |
|
2026-04-16 |
| medium |
CVE-2026-3369 — The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cr… |
vulnerability |
nvd |
CVE-2026-3369 |
|
2026-04-16 |
| medium |
CVE-2026-6414 — @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before fil… |
vulnerability |
nvd |
CVE-2026-6414 |
|
2026-04-16 |
| medium |
CVE-2026-4160 — The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo… |
vulnerability |
nvd |
CVE-2026-4160 |
|
2026-04-16 |
| medium |
CVE-2026-6410 — @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled… |
vulnerability |
nvd |
CVE-2026-6410 |
|
2026-04-16 |
| medium |
CVE-2026-2840 — The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to… |
vulnerability |
nvd |
CVE-2026-2840 |
|
2026-04-16 |
| medium |
CVE-2026-37100 — An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwar… |
vulnerability |
nvd |
CVE-2026-37100 |
|
2026-04-16 |
| medium |
CVE-2025-36579 — Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentica… |
vulnerability |
nvd |
CVE-2025-36579 |
|
2026-04-16 |
| medium |
CVE-2025-43883 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or excepti… |
vulnerability |
nvd |
CVE-2025-43883 |
|
2026-04-16 |
| medium |
CVE-2026-24749 — The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior… |
vulnerability |
nvd |
CVE-2026-24749 |
|
2026-04-16 |
| medium |
CVE-2025-43935 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release… |
vulnerability |
nvd |
CVE-2025-43935 |
|
2026-04-16 |
| medium |
CVE-2025-43937 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information in… |
vulnerability |
nvd |
CVE-2025-43937 |
|
2026-04-16 |
| medium |
CVE-2026-33472 — Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 c… |
vulnerability |
nvd |
CVE-2026-33472 |
|
2026-04-16 |
| medium |
CVE-2026-34164 — Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0,… |
vulnerability |
nvd |
CVE-2026-34164 |
|
2026-04-16 |
| medium |
CVE-2026-40253 — openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and bel… |
vulnerability |
nvd |
CVE-2026-40253 |
|
2026-04-16 |
| medium |
CVE-2026-40255 — AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs… |
vulnerability |
nvd |
CVE-2026-40255 |
|
2026-04-16 |
| medium |
CVE-2026-40265 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset downloa… |
vulnerability |
nvd |
CVE-2026-40265 |
|
2026-04-17 |
| medium |
CVE-2026-40922 — SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a pr… |
vulnerability |
nvd |
CVE-2026-40922 |
|
2026-04-17 |
| medium |
CVE-2026-3488 — The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to,… |
vulnerability |
nvd |
CVE-2026-3488 |
|
2026-04-17 |
| medium |
CVE-2026-4817 — The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulner… |
vulnerability |
nvd |
CVE-2026-4817 |
|
2026-04-17 |
| medium |
CVE-2026-5162 — The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-5162 |
ransomware |
2026-04-17 |
| medium |
CVE-2026-4666 — The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the… |
vulnerability |
nvd |
CVE-2026-4666 |
|
2026-04-17 |
| medium |
CVE-2026-5052 — Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-… |
vulnerability |
nvd |
CVE-2026-5052 |
|
2026-04-17 |
| medium |
CVE-2026-3330 — The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'st… |
vulnerability |
nvd |
CVE-2026-3330 |
ransomware |
2026-04-17 |
| medium |
CVE-2026-4853 — The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leadi… |
vulnerability |
nvd |
CVE-2026-4853 |
|
2026-04-17 |
| medium |
CVE-2026-5234 — The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions… |
vulnerability |
nvd |
CVE-2026-5234 |
|
2026-04-17 |
| medium |
CVE-2026-5427 — The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin… |
vulnerability |
nvd |
CVE-2026-5427 |
|
2026-04-17 |
| medium |
CVE-2026-5502 — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori… |
vulnerability |
nvd |
CVE-2026-5502 |
|
2026-04-17 |
| medium |
CVE-2026-6080 — The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.… |
vulnerability |
nvd |
CVE-2026-6080 |
|
2026-04-17 |
| medium |
CVE-2026-5797 — The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in ve… |
vulnerability |
nvd |
CVE-2026-5797 |
ransomware |
2026-04-17 |
| medium |
CVE-2026-6441 — The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and includin… |
vulnerability |
nvd |
CVE-2026-6441 |
|
2026-04-17 |
| medium |
CVE-2026-40002 — Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigge… |
vulnerability |
nvd |
CVE-2026-40002 |
|
2026-04-17 |
| medium |
CVE-2026-6451 — The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery… |
vulnerability |
nvd |
CVE-2026-6451 |
|
2026-04-17 |
| medium |
CVE-2026-6439 — The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and… |
vulnerability |
nvd |
CVE-2026-6439 |
|
2026-04-17 |
| medium |
CVE-2026-6494 — A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti… |
vulnerability |
nvd |
CVE-2026-6494 |
phishing |
2026-04-17 |
| medium |
CVE-2026-35072 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th… |
vulnerability |
nvd |
CVE-2026-35072, CVE-2026-35073, CVE-2026-35074, CVE-2026-35153 |
|
2026-04-17 |
| medium |
CVE-2026-6487 — A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/c… |
vulnerability |
nvd |
CVE-2026-6487 |
|
2026-04-17 |
| medium |
CVE-2026-6488 — A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This… |
vulnerability |
nvd |
CVE-2026-6488 |
|
2026-04-17 |
| medium |
CVE-2026-6489 — A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593.… |
vulnerability |
nvd |
CVE-2026-6489 |
|
2026-04-17 |
| medium |
CVE-2025-70795 — STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user… |
vulnerability |
nvd |
CVE-2025-70795 |
|
2026-04-17 |
| medium |
CVE-2026-40458 — PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially… |
vulnerability |
nvd |
CVE-2026-40458 |
|
2026-04-17 |
| medium |
CVE-2026-6491 — A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the func… |
vulnerability |
nvd |
CVE-2026-6491 |
|
2026-04-17 |
| medium |
CVE-2026-6492 — A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc76197… |
vulnerability |
nvd |
CVE-2026-6492 |
botnet |
2026-04-17 |
| medium |
CVE-2026-41153 — In JetBrains Junie before 252.549.29 command execution was possible via malicious project file |
vulnerability |
nvd |
CVE-2026-41153 |
|
2026-04-17 |
| medium |
CVE-2026-6496 — A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function… |
vulnerability |
nvd |
CVE-2026-6496 |
|
2026-04-17 |
| medium |
CVE-2026-21709 — A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Sig… |
vulnerability |
nvd |
CVE-2026-21709 |
|
2026-04-17 |
| medium |
CVE-2026-6497 — A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerabil… |
vulnerability |
nvd |
CVE-2026-6497 |
|
2026-04-17 |
| medium |
CVE-2026-6437 — Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Drive… |
vulnerability |
nvd |
CVE-2026-6437 |
|
2026-04-17 |
| medium |
CVE-2026-31927 — Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overw… |
vulnerability |
nvd |
CVE-2026-31927 |
|
2026-04-17 |
| medium |
CVE-2026-32648 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration d… |
vulnerability |
nvd |
CVE-2026-32648 |
|
2026-04-17 |
| medium |
CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with… |
vulnerability |
nvd |
CVE-2026-33093 |
|
2026-04-17 |
| medium |
CVE-2026-33569 — Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff… |
vulnerability |
nvd |
CVE-2026-33569 |
|
2026-04-17 |
| medium |
CVE-2026-35061 — Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved with… |
vulnerability |
nvd |
CVE-2026-35061 |
|
2026-04-17 |
| medium |
CVE-2026-33145 — xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to exe… |
vulnerability |
nvd |
CVE-2026-33145 |
|
2026-04-17 |
| medium |
CVE-2026-40155 — The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In… |
vulnerability |
nvd |
CVE-2026-40155 |
|
2026-04-17 |
| medium |
CVE-2026-40293 — OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1… |
vulnerability |
nvd |
CVE-2026-40293 |
ransomware |
2026-04-17 |
| medium |
CVE-2026-40301 — DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sani… |
vulnerability |
nvd |
CVE-2026-40301 |
|
2026-04-17 |
| medium |
CVE-2026-40302 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the… |
vulnerability |
nvd |
CVE-2026-40302, CVE-2026-40304 |
|
2026-04-17 |
| medium |
CVE-2026-2434 — The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard'… |
vulnerability |
nvd |
CVE-2026-2434 |
|
2026-04-17 |
| medium |
CVE-2026-40479 — Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForH… |
vulnerability |
nvd |
CVE-2026-40479 |
|
2026-04-17 |
| medium |
CVE-2026-40486 — Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preference… |
vulnerability |
nvd |
CVE-2026-40486 |
|
2026-04-17 |
| medium |
CVE-2026-40333 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct… |
vulnerability |
nvd |
CVE-2026-40333 |
botnet |
2026-04-18 |
| medium |
CVE-2026-40335 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… |
vulnerability |
nvd |
CVE-2026-40335, CVE-2026-40338, CVE-2026-40339, CVE-2026-40340 |
|
2026-04-18 |
| medium |
CVE-2026-40337 — The Sentry kernel is a high security level micro-kernel implementation made for high security embedd… |
vulnerability |
nvd |
CVE-2026-40337 |
|
2026-04-18 |
| medium |
CVE-2026-40347 — Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial… |
vulnerability |
nvd |
CVE-2026-40347 |
|
2026-04-18 |
| medium |
CVE-2026-40483 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor… |
vulnerability |
nvd |
CVE-2026-40483 |
|
2026-04-18 |
| medium |
CVE-2026-40485 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API log… |
vulnerability |
nvd |
CVE-2026-40485 |
|
2026-04-18 |
| medium |
CVE-2026-40593 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (U… |
vulnerability |
nvd |
CVE-2026-40593 |
|
2026-04-18 |
| medium |
CVE-2026-1559 — The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place… |
vulnerability |
nvd |
CVE-2026-1559 |
|
2026-04-18 |
| medium |
CVE-2026-1838 — The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_i… |
vulnerability |
nvd |
CVE-2026-1838 |
|
2026-04-18 |
| medium |
CVE-2026-40490 — The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async… |
vulnerability |
nvd |
CVE-2026-40490 |
|
2026-04-18 |
| medium |
CVE-2026-40491 — gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a P… |
vulnerability |
nvd |
CVE-2026-40491 |
rce |
2026-04-18 |
| medium |
CVE-2026-4801 — The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site… |
vulnerability |
nvd |
CVE-2026-4801 |
|
2026-04-18 |
| medium |
CVE-2026-6048 — The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi… |
vulnerability |
nvd |
CVE-2026-6048 |
|
2026-04-18 |
| medium |
CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 d… |
vulnerability |
nvd |
CVE-2026-41253 |
ransomware |
2026-04-18 |
| medium |
CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow… |
vulnerability |
nvd |
CVE-2026-41254 |
|
2026-04-18 |
| medium |
CVE-2026-0894 — The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scri… |
vulnerability |
nvd |
CVE-2026-0894 |
|
2026-04-18 |
| medium |
CVE-2026-2505 — The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions… |
vulnerability |
nvd |
CVE-2026-2505 |
|
2026-04-18 |
| medium |
CVE-2026-2986 — The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… |
vulnerability |
nvd |
CVE-2026-2986 |
|
2026-04-18 |
| medium |
CVE-2026-40948 — The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid… |
vulnerability |
nvd |
CVE-2026-40948 |
|
2026-04-18 |
| medium |
CVE-2026-0868 — The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cro… |
vulnerability |
nvd |
CVE-2026-0868 |
|
2026-04-19 |
| medium |
CVE-2026-6559 — A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of… |
vulnerability |
nvd |
CVE-2026-6559 |
|
2026-04-19 |
| medium |
CVE-2026-6561 — A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo… |
vulnerability |
nvd |
CVE-2026-6561 |
|
2026-04-19 |
| medium |
CVE-2026-6564 — A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown fun… |
vulnerability |
nvd |
CVE-2026-6564 |
|
2026-04-19 |
| medium |
CVE-2026-6571 — A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is… |
vulnerability |
nvd |
CVE-2026-6571 |
|
2026-04-19 |
| medium |
CVE-2026-6572 — A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this iss… |
vulnerability |
nvd |
CVE-2026-6572 |
|
2026-04-19 |
| medium |
CVE-2026-6573 — A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exa… |
vulnerability |
nvd |
CVE-2026-6573 |
|
2026-04-19 |
| medium |
CVE-2026-6576 — A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the… |
vulnerability |
nvd |
CVE-2026-6576 |
|
2026-04-19 |
| medium |
CVE-2026-6578 — A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknow… |
vulnerability |
nvd |
CVE-2026-6578 |
|
2026-04-19 |
| medium |
CVE-2026-6579 — A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown fun… |
vulnerability |
nvd |
CVE-2026-6579 |
|
2026-04-19 |
| medium |
CVE-2026-6583 — A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the functio… |
vulnerability |
nvd |
CVE-2026-6583 |
|
2026-04-19 |
| medium |
CVE-2026-6584 — A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects th… |
vulnerability |
nvd |
CVE-2026-6584 |
|
2026-04-20 |
| medium |
CVE-2026-6585 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the f… |
vulnerability |
nvd |
CVE-2026-6585 |
|
2026-04-20 |
| medium |
CVE-2026-6586 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function… |
vulnerability |
nvd |
CVE-2026-6586 |
|
2026-04-20 |
| medium |
CVE-2026-6587 — A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the… |
vulnerability |
nvd |
CVE-2026-6587 |
|
2026-04-20 |
| medium |
CVE-2026-6588 — A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function… |
vulnerability |
nvd |
CVE-2026-6588 |
|
2026-04-20 |
| medium |
CVE-2026-6589 — A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create… |
vulnerability |
nvd |
CVE-2026-6589 |
|
2026-04-20 |
| medium |
CVE-2026-6590 — A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of… |
vulnerability |
nvd |
CVE-2026-6590 |
|
2026-04-20 |
| medium |
CVE-2026-6591 — A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_f… |
vulnerability |
nvd |
CVE-2026-6591 |
|
2026-04-20 |
| medium |
CVE-2026-32957 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for cri… |
vulnerability |
nvd |
CVE-2026-32957, CVE-2026-32962 |
|
2026-04-20 |
| medium |
CVE-2026-32958 — SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An a… |
vulnerability |
nvd |
CVE-2026-32958 |
|
2026-04-20 |
| medium |
CVE-2026-32959 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken… |
vulnerability |
nvd |
CVE-2026-32959 |
|
2026-04-20 |
| medium |
CVE-2026-32960 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive inform… |
vulnerability |
nvd |
CVE-2026-32960 |
|
2026-04-20 |
| medium |
CVE-2026-32964 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CR… |
vulnerability |
nvd |
CVE-2026-32964 |
|
2026-04-20 |
| medium |
CVE-2026-6598 — A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element… |
vulnerability |
nvd |
CVE-2026-6598 |
|
2026-04-20 |
| medium |
CVE-2026-6599 — A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the functi… |
vulnerability |
nvd |
CVE-2026-6599 |
|
2026-04-20 |
| medium |
CVE-2026-6601 — A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function… |
vulnerability |
nvd |
CVE-2026-6601 |
|
2026-04-20 |
| medium |
CVE-2026-6607 — A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the f… |
vulnerability |
nvd |
CVE-2026-6607 |
botnet |
2026-04-20 |
| medium |
CVE-2026-6608 — A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of t… |
vulnerability |
nvd |
CVE-2026-6608 |
|
2026-04-20 |
| medium |
CVE-2026-6609 — A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function… |
vulnerability |
nvd |
CVE-2026-6609 |
|
2026-04-20 |
| medium |
CVE-2026-6612 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the functio… |
vulnerability |
nvd |
CVE-2026-6612 |
|
2026-04-20 |
| medium |
CVE-2026-6613 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function… |
vulnerability |
nvd |
CVE-2026-6613 |
|
2026-04-20 |
| medium |
CVE-2026-6614 — A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vu… |
vulnerability |
nvd |
CVE-2026-6614 |
|
2026-04-20 |
| medium |
CVE-2026-41282 — ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-var… |
vulnerability |
nvd |
CVE-2026-41282 |
|
2026-04-20 |
| medium |
CVE-2026-6616 — A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects… |
vulnerability |
nvd |
CVE-2026-6616 |
|
2026-04-20 |
| medium |
CVE-2026-6617 — A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function… |
vulnerability |
nvd |
CVE-2026-6617 |
|
2026-04-20 |
| medium |
CVE-2026-6618 — A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_… |
vulnerability |
nvd |
CVE-2026-6618 |
|
2026-04-20 |
| medium |
CVE-2026-6620 — A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the fun… |
vulnerability |
nvd |
CVE-2026-6620 |
|
2026-04-20 |
| medium |
CVE-2026-6626 — A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unkn… |
vulnerability |
nvd |
CVE-2026-6626 |
|
2026-04-20 |
| medium |
CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput o… |
vulnerability |
nvd |
CVE-2026-6628 |
|
2026-04-20 |
| medium |
CVE-2026-6654 — Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thi… |
vulnerability |
nvd |
CVE-2026-6654 |
|
2026-04-20 |
| medium |
CVE-2026-6634 — A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_acces… |
vulnerability |
nvd |
CVE-2026-6634 |
|
2026-04-20 |
| medium |
CVE-2026-6636 — A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affecte… |
vulnerability |
nvd |
CVE-2026-6636 |
|
2026-04-20 |
| medium |
CVE-2025-66335 — Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw… |
vulnerability |
nvd |
CVE-2025-66335 |
|
2026-04-20 |
| medium |
CVE-2026-33558 — Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component… |
vulnerability |
nvd |
CVE-2026-33558 |
|
2026-04-20 |
| medium |
CVE-2026-6649 — A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality… |
vulnerability |
nvd |
CVE-2026-6649 |
|
2026-04-20 |
| medium |
CVE-2026-34429 — Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate… |
vulnerability |
nvd |
CVE-2026-34429 |
rce |
2026-04-20 |
| medium |
CVE-2026-40896 — OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user w… |
vulnerability |
nvd |
CVE-2026-40896 |
|
2026-04-20 |
| medium |
CVE-2026-41245 — Junrar is an open source Java RAR archive library. Prior to version 7.5.10, a path traversal vulnera… |
vulnerability |
nvd |
CVE-2026-41245 |
|
2026-04-20 |
| medium |
CVE-2026-6650 — A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file… |
vulnerability |
nvd |
CVE-2026-6650 |
|
2026-04-20 |
| medium |
CVE-2026-6652 — A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate… |
vulnerability |
nvd |
CVE-2026-6652 |
|
2026-04-20 |
| medium |
CVE-2025-66954 — A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or… |
vulnerability |
nvd |
CVE-2025-66954 |
|
2026-04-20 |
| medium |
CVE-2026-22761 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A… |
vulnerability |
nvd |
CVE-2026-22761 |
|
2026-04-20 |
| medium |
CVE-2026-26942 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe… |
vulnerability |
nvd |
CVE-2026-26942 |
|
2026-04-20 |
| medium |
CVE-2026-28684 — python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio… |
vulnerability |
nvd |
CVE-2026-28684 |
|
2026-04-20 |
| medium |
CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions… |
vulnerability |
nvd |
CVE-2026-35154 |
|
2026-04-20 |
| medium |
CVE-2026-23752 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template grou… |
vulnerability |
nvd |
CVE-2026-23752 |
|
2026-04-20 |
| medium |
CVE-2026-23753 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language mana… |
vulnerability |
nvd |
CVE-2026-23753 |
|
2026-04-20 |
| medium |
CVE-2026-23756 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshoote… |
vulnerability |
nvd |
CVE-2026-23756 |
|
2026-04-20 |
| medium |
CVE-2026-23757 — GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports modu… |
vulnerability |
nvd |
CVE-2026-23757 |
|
2026-04-20 |
| medium |
CVE-2026-26399 — A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The… |
vulnerability |
nvd |
CVE-2026-26399 |
|
2026-04-20 |
| medium |
CVE-2026-39112 — Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Manage… |
vulnerability |
nvd |
CVE-2026-39112 |
|
2026-04-20 |
| medium |
CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result me… |
vulnerability |
nvd |
CVE-2026-41389 |
|
2026-04-20 |
| medium |
CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource cons… |
vulnerability |
nvd |
CVE-2026-6060 |
|
2026-04-20 |
| medium |
CVE-2026-6550 — Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor… |
vulnerability |
nvd |
CVE-2026-6550 |
|
2026-04-20 |
| medium |
CVE-2026-29647 — In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to… |
vulnerability |
nvd |
CVE-2026-29647 |
|
2026-04-20 |
| medium |
CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable t… |
vulnerability |
nvd |
CVE-2026-4852 |
|
2026-04-20 |
| medium |
CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that… |
vulnerability |
nvd |
CVE-2026-6729 |
|
2026-04-20 |
| medium |
CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress i… |
vulnerability |
nvd |
CVE-2026-5721 |
|
2026-04-20 |
| medium |
CVE-2026-35588 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassand… |
vulnerability |
nvd |
CVE-2026-35588 |
|
2026-04-21 |
| medium |
CVE-2026-40045 — OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored… |
vulnerability |
nvd |
CVE-2026-40045 |
|
2026-04-21 |
| medium |
CVE-2026-41285 — In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted… |
vulnerability |
nvd |
CVE-2026-41285 |
|
2026-04-21 |
| medium |
CVE-2026-41298 — OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoi… |
vulnerability |
nvd |
CVE-2026-41298 |
|
2026-04-21 |
| medium |
CVE-2026-41300 — OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered… |
vulnerability |
nvd |
CVE-2026-41300 |
|
2026-04-21 |
| medium |
CVE-2026-41301 — OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability i… |
vulnerability |
nvd |
CVE-2026-41301 |
|
2026-04-21 |
| medium |
CVE-2026-41330 — OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec polic… |
vulnerability |
nvd |
CVE-2026-41330 |
|
2026-04-21 |
| medium |
CVE-2026-41331 — OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight… |
vulnerability |
nvd |
CVE-2026-41331 |
|
2026-04-21 |
| medium |
CVE-2026-39377 — The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja… |
vulnerability |
nvd |
CVE-2026-39377, CVE-2026-39378 |
|
2026-04-21 |
| medium |
CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… |
vulnerability |
nvd |
CVE-2026-39886, CVE-2026-40244, CVE-2026-40250 |
|
2026-04-21 |
| medium |
CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of… |
vulnerability |
nvd |
CVE-2026-6058 |
|
2026-04-21 |
| medium |
CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the… |
vulnerability |
nvd |
CVE-2026-6674 |
|
2026-04-21 |
| medium |
CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una… |
vulnerability |
nvd |
CVE-2026-6675, CVE-2026-6703 |
|
2026-04-21 |
| medium |
CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi… |
vulnerability |
nvd |
CVE-2026-31370 |
|
2026-04-21 |
| medium |
CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't… |
vulnerability |
nvd |
CVE-2026-6711 |
|
2026-04-21 |
| medium |
CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set… |
vulnerability |
nvd |
CVE-2026-6712 |
|
2026-04-21 |
| medium |
CVE-2026-6755 — Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and… |
vulnerability |
nvd |
CVE-2026-6755 |
|
2026-04-21 |
| medium |
CVE-2026-6763 — Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firef… |
vulnerability |
nvd |
CVE-2026-6763 |
|
2026-04-21 |
| medium |
CVE-2026-6764 — Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed… |
vulnerability |
nvd |
CVE-2026-6764 |
|
2026-04-21 |
| medium |
CVE-2026-6765 — Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150,… |
vulnerability |
nvd |
CVE-2026-6765 |
|
2026-04-21 |
| medium |
CVE-2026-6767 — Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox… |
vulnerability |
nvd |
CVE-2026-6767 |
|
2026-04-21 |
| medium |
CVE-2026-6770 — Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefo… |
vulnerability |
nvd |
CVE-2026-6770 |
|
2026-04-21 |
| medium |
CVE-2026-6774 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Th… |
vulnerability |
nvd |
CVE-2026-6774 |
|
2026-04-21 |
| medium |
CVE-2026-6775 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a… |
vulnerability |
nvd |
CVE-2026-6775 |
|
2026-04-21 |
| medium |
CVE-2026-6777 — Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunde… |
vulnerability |
nvd |
CVE-2026-6777 |
|
2026-04-21 |
| medium |
CVE-2026-6778 — Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150… |
vulnerability |
nvd |
CVE-2026-6778 |
ransomware |
2026-04-21 |
| medium |
CVE-2026-6779 — Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thun… |
vulnerability |
nvd |
CVE-2026-6779 |
|
2026-04-21 |
| medium |
CVE-2026-6783 — Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnera… |
vulnerability |
nvd |
CVE-2026-6783 |
ransomware |
2026-04-21 |
| medium |
CVE-2025-1241 — Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to v… |
vulnerability |
nvd |
CVE-2025-1241 |
|
2026-04-21 |
| medium |
CVE-2025-31981 — HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (… |
vulnerability |
nvd |
CVE-2025-31981 |
|
2026-04-21 |
| medium |
CVE-2026-0971 — An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML… |
vulnerability |
nvd |
CVE-2026-0971 |
|
2026-04-21 |
| medium |
CVE-2026-1089 — User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to t… |
vulnerability |
nvd |
CVE-2026-1089 |
|
2026-04-21 |
| medium |
CVE-2026-31013 — Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability i… |
vulnerability |
nvd |
CVE-2026-31013 |
|
2026-04-21 |
| medium |
CVE-2026-31014 — Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The… |
vulnerability |
nvd |
CVE-2026-31014 |
|
2026-04-21 |
| medium |
CVE-2026-40498 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent… |
vulnerability |
nvd |
CVE-2026-40498, CVE-2026-40567 |
|
2026-04-21 |
| medium |
CVE-2026-24176 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t… |
vulnerability |
nvd |
CVE-2026-24176 |
|
2026-04-21 |
| medium |
CVE-2026-25542 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43… |
vulnerability |
nvd |
CVE-2026-25542 |
|
2026-04-21 |
| medium |
CVE-2026-26067 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-… |
vulnerability |
nvd |
CVE-2026-26067 |
|
2026-04-21 |
| medium |
CVE-2026-26274 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera… |
vulnerability |
nvd |
CVE-2026-26274 |
|
2026-04-21 |
| medium |
CVE-2026-35451 — Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi… |
vulnerability |
nvd |
CVE-2026-35451 |
|
2026-04-21 |
| medium |
CVE-2026-40566 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve… |
vulnerability |
nvd |
CVE-2026-40566 |
|
2026-04-21 |
| medium |
CVE-2026-40574 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2… |
vulnerability |
nvd |
CVE-2026-40574 |
|
2026-04-21 |
| medium |
CVE-2026-40590 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C… |
vulnerability |
nvd |
CVE-2026-40590 |
|
2026-04-21 |
| medium |
CVE-2026-40592 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen… |
vulnerability |
nvd |
CVE-2026-40592 |
|
2026-04-21 |
| medium |
CVE-2026-41183 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned… |
vulnerability |
nvd |
CVE-2026-41183 |
|
2026-04-21 |
| medium |
CVE-2026-40587 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa… |
vulnerability |
nvd |
CVE-2026-40587 |
|
2026-04-21 |
| medium |
CVE-2026-40594 — pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set… |
vulnerability |
nvd |
CVE-2026-40594 |
|
2026-04-21 |
| medium |
CVE-2026-40602 — The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t… |
vulnerability |
nvd |
CVE-2026-40602 |
|
2026-04-21 |
| medium |
CVE-2026-40606 — mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software… |
vulnerability |
nvd |
CVE-2026-40606 |
|
2026-04-21 |
| medium |
CVE-2026-40608 — Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams.… |
vulnerability |
nvd |
CVE-2026-40608 |
|
2026-04-21 |
| medium |
CVE-2026-41194 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox… |
vulnerability |
nvd |
CVE-2026-41194 |
|
2026-04-21 |
| medium |
CVE-2026-22751 — Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login… |
vulnerability |
nvd |
CVE-2026-22751 |
|
2026-04-21 |
| medium |
CVE-2026-6744 — A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do… |
vulnerability |
nvd |
CVE-2026-6744 |
|
2026-04-21 |
| medium |
CVE-2026-33812 — Parsing a malicious font file can cause excessive memory allocation. |
vulnerability |
nvd |
CVE-2026-33812 |
|
2026-04-21 |
| medium |
CVE-2026-40889 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an… |
vulnerability |
nvd |
CVE-2026-40889 |
|
2026-04-21 |
| medium |
CVE-2026-40907 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/… |
vulnerability |
nvd |
CVE-2026-40907 |
|
2026-04-21 |
| medium |
CVE-2026-40908 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at… |
vulnerability |
nvd |
CVE-2026-40908 |
|
2026-04-21 |
| medium |
CVE-2026-41320 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an… |
vulnerability |
nvd |
CVE-2026-41320 |
|
2026-04-21 |
| medium |
CVE-2026-21998 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported… |
vulnerability |
nvd |
CVE-2026-21998, CVE-2026-22002, CVE-2026-22005, CVE-2026-22009, CVE-2026-22017, CVE-2026-34267, CVE-2026-34272, CVE-2026-34278, CVE-2026-34303, CVE-2026-35240 |
|
2026-04-21 |
| medium |
CVE-2026-21999 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are a… |
vulnerability |
nvd |
CVE-2026-21999 |
|
2026-04-21 |
| medium |
CVE-2026-22001 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). S… |
vulnerability |
nvd |
CVE-2026-22001, CVE-2026-22015 |
|
2026-04-21 |
| medium |
CVE-2026-22003 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co… |
vulnerability |
nvd |
CVE-2026-22003 |
|
2026-04-21 |
| medium |
CVE-2026-22004 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th… |
vulnerability |
nvd |
CVE-2026-22004, CVE-2026-34304, CVE-2026-35236, CVE-2026-35237, CVE-2026-35238 |
|
2026-04-21 |
| medium |
CVE-2026-22006 — Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone… |
vulnerability |
nvd |
CVE-2026-22006, CVE-2026-34280 |
|
2026-04-21 |
| medium |
CVE-2026-22019 — Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo… |
vulnerability |
nvd |
CVE-2026-22019 |
|
2026-04-21 |
| medium |
CVE-2026-34266 — Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp… |
vulnerability |
nvd |
CVE-2026-34266 |
|
2026-04-21 |
| medium |
CVE-2026-34269 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port… |
vulnerability |
nvd |
CVE-2026-34269 |
|
2026-04-21 |
| medium |
CVE-2026-34270 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug… |
vulnerability |
nvd |
CVE-2026-34270, CVE-2026-34271, CVE-2026-34276 |
|
2026-04-21 |
| medium |
CVE-2026-34273 — Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are… |
vulnerability |
nvd |
CVE-2026-34273 |
|
2026-04-21 |
| medium |
CVE-2026-34274 — Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa… |
vulnerability |
nvd |
CVE-2026-34274 |
|
2026-04-21 |
| medium |
CVE-2026-34277 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui… |
vulnerability |
nvd |
CVE-2026-34277 |
|
2026-04-21 |
| medium |
CVE-2026-34281 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver… |
vulnerability |
nvd |
CVE-2026-34281 |
|
2026-04-21 |
| medium |
CVE-2026-34283 — Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit… |
vulnerability |
nvd |
CVE-2026-34283 |
|
2026-04-21 |
| medium |
CVE-2026-34284 — Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c… |
vulnerability |
nvd |
CVE-2026-34284 |
|
2026-04-21 |
| medium |
CVE-2026-34293 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio… |
vulnerability |
nvd |
CVE-2026-34293, CVE-2026-35239 |
|
2026-04-21 |
| medium |
CVE-2026-34295 — Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P… |
vulnerability |
nvd |
CVE-2026-34295 |
|
2026-04-21 |
| medium |
CVE-2026-34296 — Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply… |
vulnerability |
nvd |
CVE-2026-34296 |
supply-chain |
2026-04-21 |
| medium |
CVE-2026-34298 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe… |
vulnerability |
nvd |
CVE-2026-34298 |
|
2026-04-21 |
| medium |
CVE-2026-34299 — Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (… |
vulnerability |
nvd |
CVE-2026-34299, CVE-2026-34301 |
|
2026-04-21 |
| medium |
CVE-2026-34300 — Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co… |
vulnerability |
nvd |
CVE-2026-34300 |
|
2026-04-21 |
| medium |
CVE-2026-34302 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader)… |
vulnerability |
nvd |
CVE-2026-34302 |
|
2026-04-21 |
| medium |
CVE-2026-34306 — Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone… |
vulnerability |
nvd |
CVE-2026-34306 |
|
2026-04-21 |
| medium |
CVE-2026-34307 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work… |
vulnerability |
nvd |
CVE-2026-34307 |
|
2026-04-21 |
| medium |
CVE-2026-34308 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versi… |
vulnerability |
nvd |
CVE-2026-34308 |
|
2026-04-21 |
| medium |
CVE-2026-34317 — Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported… |
vulnerability |
nvd |
CVE-2026-34317, CVE-2026-34318, CVE-2026-34319 |
|
2026-04-21 |
| medium |
CVE-2026-34323 — Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon… |
vulnerability |
nvd |
CVE-2026-34323, CVE-2026-34324 |
|
2026-04-21 |
| medium |
CVE-2026-35232 — Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported version… |
vulnerability |
nvd |
CVE-2026-35232 |
|
2026-04-21 |
| medium |
CVE-2026-35234 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported… |
vulnerability |
nvd |
CVE-2026-35234 |
|
2026-04-21 |
| medium |
CVE-2026-35235 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versio… |
vulnerability |
nvd |
CVE-2026-35235 |
|
2026-04-21 |
| medium |
CVE-2026-35241 — Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen… |
vulnerability |
nvd |
CVE-2026-35241 |
|
2026-04-21 |
| medium |
CVE-2026-35244 — Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component… |
vulnerability |
nvd |
CVE-2026-35244 |
|
2026-04-21 |
| medium |
CVE-2026-35252 — Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl… |
vulnerability |
nvd |
CVE-2026-35252 |
|
2026-04-21 |
| medium |
CVE-2026-40910 — frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT… |
vulnerability |
nvd |
CVE-2026-40910 |
|
2026-04-21 |
| medium |
CVE-2026-40923 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to… |
vulnerability |
nvd |
CVE-2026-40923, CVE-2026-40924 |
|
2026-04-21 |
| medium |
CVE-2026-40927 — Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving… |
vulnerability |
nvd |
CVE-2026-40927 |
|
2026-04-21 |
| medium |
CVE-2026-6796 — A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l… |
vulnerability |
nvd |
CVE-2026-6796 |
|
2026-04-21 |
| medium |
CVE-2026-6797 — A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability… |
vulnerability |
nvd |
CVE-2026-6797 |
|
2026-04-21 |
| medium |
CVE-2026-1354 — Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with th… |
vulnerability |
nvd |
CVE-2026-1354 |
|
2026-04-21 |
| medium |
CVE-2026-41527 — KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u… |
vulnerability |
nvd |
CVE-2026-41527 |
|
2026-04-21 |
| medium |
CVE-2026-6799 — A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno… |
vulnerability |
nvd |
CVE-2026-6799 |
|
2026-04-21 |
| medium |
CVE-2026-6829 — nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta… |
vulnerability |
nvd |
CVE-2026-6829 |
|
2026-04-21 |
| medium |
CVE-2026-40928 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo… |
vulnerability |
nvd |
CVE-2026-40928 |
|
2026-04-21 |
| medium |
CVE-2026-40929 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso… |
vulnerability |
nvd |
CVE-2026-40929 |
ransomware |
2026-04-21 |
| medium |
CVE-2026-40935 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a… |
vulnerability |
nvd |
CVE-2026-40935 |
|
2026-04-21 |
| medium |
CVE-2026-41061 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re… |
vulnerability |
nvd |
CVE-2026-41061 |
ransomware |
2026-04-21 |
| medium |
CVE-2026-41062 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi… |
vulnerability |
nvd |
CVE-2026-41062 |
|
2026-04-21 |
| medium |
CVE-2026-41063 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in A… |
vulnerability |
nvd |
CVE-2026-41063 |
|
2026-04-21 |
| medium |
CVE-2026-41126 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th… |
vulnerability |
nvd |
CVE-2026-41126 |
|
2026-04-22 |
| medium |
CVE-2026-41127 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza… |
vulnerability |
nvd |
CVE-2026-41127 |
|
2026-04-22 |
| medium |
CVE-2026-41131 — OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec… |
vulnerability |
nvd |
CVE-2026-41131 |
|
2026-04-22 |
| medium |
CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta… |
vulnerability |
nvd |
CVE-2026-6833 |
|
2026-04-22 |
| medium |
CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem… |
vulnerability |
nvd |
CVE-2026-6834 |
|
2026-04-22 |
| medium |
CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated… |
vulnerability |
nvd |
CVE-2026-6835 |
|
2026-04-22 |
| medium |
CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer… |
vulnerability |
nvd |
CVE-2026-22747 |
|
2026-04-22 |
| medium |
CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD… |
vulnerability |
nvd |
CVE-2026-22748 |
|
2026-04-22 |
| medium |
CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a… |
vulnerability |
nvd |
CVE-2026-40448 |
|
2026-04-22 |
| medium |
CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin… |
vulnerability |
nvd |
CVE-2026-40449 |
|
2026-04-22 |
| medium |
CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor… |
vulnerability |
nvd |
CVE-2026-40450 |
|
2026-04-22 |
| medium |
CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me… |
vulnerability |
nvd |
CVE-2026-41664 |
|
2026-04-22 |
| medium |
CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause… |
vulnerability |
nvd |
CVE-2026-41665 |
|
2026-04-22 |
| medium |
CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou… |
vulnerability |
nvd |
CVE-2026-41666 |
|
2026-04-22 |
| medium |
CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc… |
vulnerability |
nvd |
CVE-2026-41667 |
|
2026-04-22 |
| medium |
CVE-2026-6839 — Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o… |
vulnerability |
nvd |
CVE-2026-6839 |
|
2026-04-22 |
| medium |
CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo… |
vulnerability |
nvd |
CVE-2026-6840 |
|
2026-04-22 |
| medium |
CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting… |
vulnerability |
nvd |
CVE-2026-1379 |
|
2026-04-22 |
| medium |
CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett… |
vulnerability |
nvd |
CVE-2026-1845 |
|
2026-04-22 |
| medium |
CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… |
vulnerability |
nvd |
CVE-2026-2714 |
|
2026-04-22 |
| medium |
CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc… |
vulnerability |
nvd |
CVE-2026-2717 |
|
2026-04-22 |
| medium |
CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce… |
vulnerability |
nvd |
CVE-2026-2719 |
|
2026-04-22 |
| medium |
CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… |
vulnerability |
nvd |
CVE-2026-3362 |
|
2026-04-22 |
| medium |
CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… |
vulnerability |
nvd |
CVE-2026-4074 |
|
2026-04-22 |
| medium |
CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-4076 |
|
2026-04-22 |
| medium |
CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif… |
vulnerability |
nvd |
CVE-2026-4082 |
|
2026-04-22 |
| medium |
CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-4085 |
|
2026-04-22 |
| medium |
CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c… |
vulnerability |
nvd |
CVE-2026-4088 |
|
2026-04-22 |
| medium |
CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id… |
vulnerability |
nvd |
CVE-2026-4089 |
|
2026-04-22 |
| medium |
CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
vulnerability |
nvd |
CVE-2026-4090 |
|
2026-04-22 |
| medium |
CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl… |
vulnerability |
nvd |
CVE-2026-4117 |
|
2026-04-22 |
| medium |
CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve… |
vulnerability |
nvd |
CVE-2026-4118 |
|
2026-04-22 |
| medium |
CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… |
vulnerability |
nvd |
CVE-2026-4121 |
|
2026-04-22 |
| medium |
CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho… |
vulnerability |
nvd |
CVE-2026-4125 |
|
2026-04-22 |
| medium |
CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio… |
vulnerability |
nvd |
CVE-2026-4126 |
|
2026-04-22 |
| medium |
CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization… |
vulnerability |
nvd |
CVE-2026-4128 |
|
2026-04-22 |
| medium |
CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in… |
vulnerability |
nvd |
CVE-2026-4131 |
|
2026-04-22 |
| medium |
CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… |
vulnerability |
nvd |
CVE-2026-4133 |
|
2026-04-22 |
| medium |
CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… |
vulnerability |
nvd |
CVE-2026-4138 |
|
2026-04-22 |
| medium |
CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t… |
vulnerability |
nvd |
CVE-2026-4139 |
|
2026-04-22 |
| medium |
CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in… |
vulnerability |
nvd |
CVE-2026-4140 |
|
2026-04-22 |
| medium |
CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr… |
vulnerability |
nvd |
CVE-2026-4142 |
|
2026-04-22 |
| medium |
CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb… |
vulnerability |
nvd |
CVE-2026-4279 |
|
2026-04-22 |
| medium |
CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t… |
vulnerability |
nvd |
CVE-2026-4280 |
|
2026-04-22 |
| medium |
CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'… |
vulnerability |
nvd |
CVE-2026-4353 |
|
2026-04-22 |
| medium |
CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… |
vulnerability |
nvd |
CVE-2026-5748 |
|
2026-04-22 |
| medium |
CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… |
vulnerability |
nvd |
CVE-2026-5767 |
|
2026-04-22 |
| medium |
CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o… |
vulnerability |
nvd |
CVE-2026-5820 |
|
2026-04-22 |
| medium |
CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom… |
vulnerability |
nvd |
CVE-2026-6041 |
|
2026-04-22 |
| medium |
CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short… |
vulnerability |
nvd |
CVE-2026-6236 |
|
2026-04-22 |
| medium |
CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
vulnerability |
nvd |
CVE-2026-6246 |
|
2026-04-22 |
| medium |
CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers… |
vulnerability |
nvd |
CVE-2026-6294 |
ransomware |
2026-04-22 |
| medium |
CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver… |
vulnerability |
nvd |
CVE-2026-6396 |
|
2026-04-22 |
| medium |
CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin… |
vulnerability |
nvd |
CVE-2026-6843 |
ransomware |
2026-04-22 |
| medium |
CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw… |
vulnerability |
nvd |
CVE-2026-6844 |
|
2026-04-22 |
| medium |
CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a… |
vulnerability |
nvd |
CVE-2026-6845 |
|
2026-04-22 |
| medium |
CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider… |
vulnerability |
nvd |
CVE-2026-1395 |
|
2026-04-22 |
| medium |
CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… |
vulnerability |
nvd |
CVE-2026-1913 |
|
2026-04-22 |
| medium |
CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi… |
vulnerability |
nvd |
CVE-2026-1930 |
|
2026-04-22 |
| medium |
CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve… |
vulnerability |
nvd |
CVE-2026-33256, CVE-2026-33257, CVE-2026-33260 |
|
2026-04-22 |
| medium |
CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n… |
vulnerability |
nvd |
CVE-2026-33258 |
|
2026-04-22 |
| medium |
CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a… |
vulnerability |
nvd |
CVE-2026-33259 |
|
2026-04-22 |
| medium |
CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s… |
vulnerability |
nvd |
CVE-2026-33261 |
|
2026-04-22 |
| medium |
CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste… |
vulnerability |
nvd |
CVE-2026-33262 |
|
2026-04-22 |
| medium |
CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by… |
vulnerability |
nvd |
CVE-2026-33600 |
|
2026-04-22 |
| medium |
CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo… |
vulnerability |
nvd |
CVE-2026-33601 |
|
2026-04-22 |
| medium |
CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive… |
vulnerability |
nvd |
CVE-2026-6848 |
ransomware |
2026-04-22 |
| medium |
CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor… |
vulnerability |
nvd |
CVE-2026-33254 |
|
2026-04-22 |
| medium |
CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a… |
vulnerability |
nvd |
CVE-2026-33594 |
|
2026-04-22 |
| medium |
CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of error responses over a sing… |
vulnerability |
nvd |
CVE-2026-33595 |
|
2026-04-22 |
| medium |
CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd… |
vulnerability |
nvd |
CVE-2026-33598 |
|
2026-04-22 |
| medium |
CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co… |
vulnerability |
nvd |
CVE-2026-33602 |
|
2026-04-22 |
| medium |
CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri… |
vulnerability |
nvd |
CVE-2026-33609 |
|
2026-04-22 |
| medium |
CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when… |
vulnerability |
nvd |
CVE-2026-33610 |
|
2026-04-22 |
| medium |
CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS… |
vulnerability |
nvd |
CVE-2026-33611 |
|
2026-04-22 |
| medium |
CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc… |
vulnerability |
nvd |
CVE-2026-6861 |
|
2026-04-22 |
| medium |
CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai… |
vulnerability |
nvd |
CVE-2026-6862 |
|
2026-04-22 |
| medium |
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist |
advisory |
vendor-blogs |
|
phishing |
2026-04-22 |
| medium |
[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025 |
advisory |
vendor-blogs |
|
phishing |
2026-04-21 |
| medium |
Phishing and MFA exploitation: Targeting the keys to the kingdom |
advisory |
vendor-blogs |
|
phishing |
2026-04-21 |
| medium |
payload: undefined |
threat-intel |
threatfox |
|
EnmityStealer, ClickFix, finger-tcp79, fingerfix, win.fingerfix, finger-delivery, Mirax |
2026-04-22 |
| medium |
New NGate variant hides in a trojanized NFC payment app |
threat-intel |
otx |
108.165.230.223 | 6e3eea7fb31b8e81…, d142bb04f32a50db… |
handypay trojanization, brazil targeting, ngate, fake lottery, nfc relay, ai-generated code, pin theft, phantomcard, payment card fraud, ransomware, botnet |
2026-04-21 |
| medium |
March 2026 Phishing Email Trends Report |
threat-intel |
otx |
0e9bd0c9991b21b1… |
agenttesla, phishing email, trojan campaigns, fake invoices, remcosrat, script-based attacks, credential theft, html phishing, phishing, botnet, infostealer |
2026-04-22 |
| medium |
Highly destructive Lotus Wiper used in a targeted attack |
threat-intel |
otx |
c6d0f67db6a7dbf1… |
destructive attack, targeted campaign, critical infrastructure, batch scripts, venezuela, disk wiping, lotus wiper, energy sector, ransomware |
2026-04-21 |
| medium |
Nightmare-Eclipse Tooling Seen in Real-World Intrusion |
threat-intel |
otx |
CVE-2026-33825 | 78.29.48.29, 212.232.23.69 | a2b6c7a9c4490df7… |
undefend, beigeburrow, nightmare-eclipse, cve-2026-33825, redsun, windows defender bypass, bluehammer, fortigate vpn, privilege escalation |
2026-04-20 |
| medium |
macOS ClickFix Campaign: AppleScript Stealers & New Terminal Protections |
threat-intel |
otx |
172.94.9.250 | c07a15640065580e…, e12285f507c847b9… |
clickfix, macos, session hijacking, credential harvesting, cryptocurrency wallet theft, applescript, social engineering, browser data exfiltration, infostealer, phishing |
2026-04-21 |
| medium |
Abusing OAuth Device Code Flow |
threat-intel |
otx |
|
persistent access, microsoft entra id, device code flow, graph api, oauth, phishing, credential theft, token hijacking |
2026-04-20 |
| medium |
StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets |
threat-intel |
otx |
7fd19c564761e2c8… |
smart contract, stager api, stepdrainer, maas, infostealer, crypto |
2026-04-21 |
| medium |
Zero-Day Local Privilege Escalation Exploit |
threat-intel |
otx |
57a70c383feb9af6…, 7933bb74a2b3289e… |
redsun, redsun.exe, microsoft defender, windows, zero-day, system access, privilege escalation, tieringengineservice, filesystem manipulation, zeroday |
2026-04-21 |
| medium |
FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure |
threat-intel |
otx |
|
flowerstorm, iocs, cloudflare, phishing |
2026-04-20 |
| medium |
FakeWallet crypto stealer spreading in the App Store |
threat-intel |
otx |
fd0dc5d4bba740c7… |
provisioning profiles, fakewallet, chinese targeting, enterprise certificates, ios, phishing apps, cryptocurrency, sparkkitty, phishing, supply-chain |
2026-04-20 |
| medium |
Untangling a Linux Incident With an OpenAI Twist |
threat-intel |
otx |
CVE-2025-47812 | 62.60.246.210 |
codex ai, multi-actor, living-off-the-land, linux compromise, edr evasion, credential theft, monero mining, cryptominer, phishing |
2026-04-17 |
| medium |
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere |
threat-intel |
otx |
e97cb6cbcf2583fe…, 15b2bb2a3d57e255… |
nwhstealer, fake vpn, dll hijacking, infostealer, process injection, cryptocurrency wallet theft, browser data theft, uac bypass, cryptocurrency theft, fake websites, botnet |
2026-04-17 |
| medium |
Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse |
threat-intel |
otx |
f2266b45d60f5443…, c84e5bb76d90607b… |
financial sector, reflective loading, jit trampolining, middle east targeting, cloudfront domain fronting, syscall usage, sandbox evasion, appdomainmanager hijacking, apt, phishing, botnet |
2026-04-18 |
| medium |
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours |
threat-intel |
otx |
CVE-2025-3248, CVE-2026-33017 |
cve-2026-33017, exploitation, data exfiltration, langflow, vulnerability, ai, rce, honeypot, supply-chain |
2026-03-20 |
| medium |
Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors |
threat-intel |
otx |
|
obfuscation, php backdoor, dynamic content injection, remote loader, joomla, search engine manipulation, command-and-control, seo spam, ransomware, botnet |
2026-04-17 |
| medium |
Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain |
threat-intel |
otx |
fd8bba8b570050cb…, ed770654eb36947e… |
information stealer, cryptocurrency theft, syscall, direct-sys loader, cgrabber stealer, anti-analysis, dll sideloading, github distribution |
2026-04-17 |
| medium |
Beyond the breach: inside a cargo theft actor's post-compromise playbook |
threat-intel |
otx |
f4977bfeae2a957a…, 03b8a9da7ca89c13… |
cargo theft, freight fraud, screenconnect, rmm tools, transportation targeting, cryptocurrency stealer, load board compromise, signing-as-a-service, ransomware |
2026-04-16 |
| medium |
CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace |
threat-intel |
otx |
CVE-2017-5638, CVE-2026-39987 | 111.90.145.139, 160.30.128.96, 185.225.17.176, 38.147.173.172, 120.227.46.184, 185.187.207.193, 45.147.97.11, 60.249.14.39, 92.208.115.60 | f2960805f89990cb…, bdcb5867f73beae8… |
huggingface, cve-2026-39987, nkn blockchain, marimo, botnet, rce, supply-chain |
2026-04-16 |
| medium |
Silent Crypto Wallet Takeover Unlimited USDT Approval Exploitation via Trust Wallet QR Code Phishing |
threat-intel |
otx |
|
crypto drainer, qr code phishing, token approval abuse, trust wallet, drainer-as-a-service, usdt, telegram bot, deep link exploitation, bnb smart chain, phishing |
2026-04-15 |
| medium |
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data |
news |
general-news |
|
phishing |
2026-04-18 |
| medium |
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks |
news |
general-news |
|
phishing |
2026-04-16 |
| medium |
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails |
news |
general-news |
|
phishing |
2026-04-15 |
| medium |
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing |
news |
general-news |
|
phishing |
2026-04-17 |
| medium |
Surge in Silent Subject Phishing Attacks Targets VIP Users |
news |
general-news |
|
phishing |
2026-04-22 |
| low |
CVE-2025-52641 — HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of int… |
vulnerability |
nvd |
CVE-2025-52641 |
|
2026-04-15 |
| low |
CVE-2026-27769 — Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the c… |
vulnerability |
nvd |
CVE-2026-27769 |
ransomware |
2026-04-15 |
| low |
CVE-2026-33212 — Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify use… |
vulnerability |
nvd |
CVE-2026-33212 |
|
2026-04-15 |
| low |
CVE-2026-21727 — Cross-Tenant Legacy Correlation Disclosure and Deletion |
vulnerability |
nvd |
CVE-2026-21727 |
|
2026-04-15 |
| low |
CVE-2026-6312 — Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remo… |
vulnerability |
nvd |
CVE-2026-6312 |
|
2026-04-15 |
| low |
CVE-2026-6313 — Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote at… |
vulnerability |
nvd |
CVE-2026-6313 |
|
2026-04-15 |
| low |
CVE-2026-40947 — Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an u… |
vulnerability |
nvd |
CVE-2026-40947 |
|
2026-04-16 |
| low |
CVE-2026-40505 — MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject… |
vulnerability |
nvd |
CVE-2026-40505 |
ransomware, phishing |
2026-04-16 |
| low |
CVE-2026-3155 — The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in… |
vulnerability |
nvd |
CVE-2026-3155 |
|
2026-04-16 |
| low |
CVE-2026-41080 — libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML… |
vulnerability |
nvd |
CVE-2026-41080 |
|
2026-04-16 |
| low |
CVE-2026-40263 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoin… |
vulnerability |
nvd |
CVE-2026-40263 |
|
2026-04-17 |
| low |
CVE-2026-6486 — A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of th… |
vulnerability |
nvd |
CVE-2026-6486 |
ransomware |
2026-04-17 |
| low |
CVE-2026-6493 — A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file… |
vulnerability |
nvd |
CVE-2026-6493 |
|
2026-04-17 |
| low |
CVE-2026-33436 — Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. I… |
vulnerability |
nvd |
CVE-2026-33436 |
|
2026-04-17 |
| low |
CVE-2026-40334 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing… |
vulnerability |
nvd |
CVE-2026-40334 |
|
2026-04-18 |
| low |
CVE-2026-40336 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory… |
vulnerability |
nvd |
CVE-2026-40336 |
botnet |
2026-04-18 |
| low |
CVE-2026-40341 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of… |
vulnerability |
nvd |
CVE-2026-40341 |
|
2026-04-18 |
| low |
CVE-2026-32690 — Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables… |
vulnerability |
nvd |
CVE-2026-32690 |
|
2026-04-18 |
| low |
CVE-2026-6570 — A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function ini… |
vulnerability |
nvd |
CVE-2026-6570 |
|
2026-04-19 |
| low |
CVE-2026-6592 — A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the functi… |
vulnerability |
nvd |
CVE-2026-6592 |
|
2026-04-20 |
| low |
CVE-2026-6593 — A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functional… |
vulnerability |
nvd |
CVE-2026-6593 |
|
2026-04-20 |
| low |
CVE-2026-6597 — A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_… |
vulnerability |
nvd |
CVE-2026-6597 |
|
2026-04-20 |
| low |
CVE-2026-6600 — A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the f… |
vulnerability |
nvd |
CVE-2026-6600 |
|
2026-04-20 |
| low |
CVE-2026-6610 — A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an… |
vulnerability |
nvd |
CVE-2026-6610 |
|
2026-04-20 |
| low |
CVE-2026-6611 — A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function… |
vulnerability |
nvd |
CVE-2026-6611 |
|
2026-04-20 |
| low |
CVE-2026-6619 — A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTa… |
vulnerability |
nvd |
CVE-2026-6619 |
|
2026-04-20 |
| low |
CVE-2026-6622 — A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknow… |
vulnerability |
nvd |
CVE-2026-6622 |
|
2026-04-20 |
| low |
CVE-2026-6623 — A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an u… |
vulnerability |
nvd |
CVE-2026-6623 |
|
2026-04-20 |
| low |
CVE-2026-6624 — A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown… |
vulnerability |
nvd |
CVE-2026-6624 |
|
2026-04-20 |
| low |
CVE-2026-6633 — A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function… |
vulnerability |
nvd |
CVE-2026-6633 |
|
2026-04-20 |
| low |
CVE-2026-6648 — A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionalit… |
vulnerability |
nvd |
CVE-2026-6648 |
|
2026-04-20 |
| low |
CVE-2026-6651 — A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affe… |
vulnerability |
nvd |
CVE-2026-6651 |
|
2026-04-20 |
| low |
CVE-2026-39396 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `Extract… |
vulnerability |
nvd |
CVE-2026-39396 |
|
2026-04-21 |
| low |
CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af… |
vulnerability |
nvd |
CVE-2026-31369 |
|
2026-04-21 |
| low |
CVE-2025-31958 — HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulne… |
vulnerability |
nvd |
CVE-2025-31958 |
|
2026-04-21 |
| low |
CVE-2026-27937 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect… |
vulnerability |
nvd |
CVE-2026-27937 |
|
2026-04-21 |
| low |
CVE-2026-29179 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai… |
vulnerability |
nvd |
CVE-2026-29179 |
|
2026-04-21 |
| low |
CVE-2026-40279 — BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,… |
vulnerability |
nvd |
CVE-2026-40279 |
|
2026-04-21 |
| low |
CVE-2026-6743 — A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the… |
vulnerability |
nvd |
CVE-2026-6743 |
|
2026-04-21 |
| low |
CVE-2026-6745 — A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown… |
vulnerability |
nvd |
CVE-2026-6745 |
|
2026-04-21 |
| low |
CVE-2026-22008 — Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Or… |
vulnerability |
nvd |
CVE-2026-22008 |
|
2026-04-21 |
| low |
CVE-2026-22014 — Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow… |
vulnerability |
nvd |
CVE-2026-22014 |
|
2026-04-21 |
| low |
CVE-2026-34312 — Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected… |
vulnerability |
nvd |
CVE-2026-34312 |
|
2026-04-21 |
| low |
CVE-2026-6830 — nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching… |
vulnerability |
nvd |
CVE-2026-6830 |
|
2026-04-21 |
| low |
CVE-2026-41144 — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde… |
vulnerability |
nvd |
CVE-2026-41144 |
rce |
2026-04-22 |
| low |
CVE-2026-6392 — Tanium addressed an information disclosure vulnerability in Threat Response. |
vulnerability |
nvd |
CVE-2026-6392 |
|
2026-04-22 |
| low |
CVE-2026-6408 — Tanium addressed an information disclosure vulnerability in Tanium Server. |
vulnerability |
nvd |
CVE-2026-6408 |
|
2026-04-22 |
| low |
CVE-2026-6416 — Tanium addressed an uncontrolled resource consumption vulnerability in Interact. |
vulnerability |
nvd |
CVE-2026-6416 |
|
2026-04-22 |
| low |
CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc… |
vulnerability |
nvd |
CVE-2026-22746 |
|
2026-04-22 |
| low |
CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo… |
vulnerability |
nvd |
CVE-2026-6842 |
|
2026-04-22 |
| low |
CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r… |
vulnerability |
nvd |
CVE-2026-33596 |
|
2026-04-22 |
| low |
CVE-2026-33597 — PRSD detection denial of service |
vulnerability |
nvd |
CVE-2026-33597 |
|
2026-04-22 |
| low |
CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe… |
vulnerability |
nvd |
CVE-2026-33599 |
|
2026-04-22 |
| unknown |
CISA Adds Eight Known Exploited Vulnerabilities to Catalog |
advisory |
cisa-advisories |
|
|
2026-04-20 |
| unknown |
CISA Adds One Known Exploited Vulnerability to Catalog |
advisory |
cisa-advisories |
|
|
2026-04-16 |
| unknown |
CVE-2026-40499 — radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_… |
vulnerability |
nvd |
CVE-2026-40499 |
|
2026-04-15 |
| unknown |
CVE-2026-6328 — Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC P… |
vulnerability |
nvd |
CVE-2026-6328 |
|
2026-04-15 |
| unknown |
CVE-2026-26291 — Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability… |
vulnerability |
nvd |
CVE-2026-26291 |
|
2026-04-15 |
| unknown |
CVE-2025-14813 — Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. B… |
vulnerability |
nvd |
CVE-2025-14813, CVE-2026-5588 |
|
2026-04-15 |
| unknown |
CVE-2026-0636 — Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability i… |
vulnerability |
nvd |
CVE-2026-0636 |
|
2026-04-15 |
| unknown |
CVE-2026-33808 — Impact: @fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express mid… |
vulnerability |
nvd |
CVE-2026-33808 |
|
2026-04-15 |
| unknown |
CVE-2026-3505 — Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerabilit… |
vulnerability |
nvd |
CVE-2026-3505 |
|
2026-04-15 |
| unknown |
CVE-2026-5598 — Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core mo… |
vulnerability |
nvd |
CVE-2026-5598 |
|
2026-04-15 |
| unknown |
CVE-2026-33805 — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie… |
vulnerability |
nvd |
CVE-2026-33805 |
|
2026-04-15 |
| unknown |
CVE-2026-4667 — HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an u… |
vulnerability |
nvd |
CVE-2026-4667 |
|
2026-04-15 |
| unknown |
CVE-2026-5387 — The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations inte… |
vulnerability |
nvd |
CVE-2026-5387 |
|
2026-04-15 |
| unknown |
CVE-2025-15610 — Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit… |
vulnerability |
nvd |
CVE-2025-15610 |
|
2026-04-15 |
| unknown |
CVE-2026-5189 — CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3… |
vulnerability |
nvd |
CVE-2026-5189 |
|
2026-04-15 |
| unknown |
CVE-2026-6398 — Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in… |
vulnerability |
nvd |
CVE-2026-6398, CVE-2026-5968 |
|
2026-04-15 |
| unknown |
CVE-2026-1564 — Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a use… |
vulnerability |
nvd |
CVE-2026-1564 |
|
2026-04-15 |
| unknown |
CVE-2026-1711 — Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerabil… |
vulnerability |
nvd |
CVE-2026-1711 |
|
2026-04-15 |
| unknown |
CVE-2026-40179 — Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1… |
vulnerability |
nvd |
CVE-2026-40179 |
|
2026-04-15 |
| unknown |
CVE-2026-40192 — Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-… |
vulnerability |
nvd |
CVE-2026-40192 |
|
2026-04-15 |
| unknown |
CVE-2026-5363 — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow… |
vulnerability |
nvd |
CVE-2026-5363 |
|
2026-04-16 |
| unknown |
CVE-2026-1880 — An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update… |
vulnerability |
nvd |
CVE-2026-1880 |
|
2026-04-16 |
| unknown |
CVE-2026-3428 — A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center… |
vulnerability |
nvd |
CVE-2026-3428 |
|
2026-04-16 |
| unknown |
CVE-2026-6349 — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated… |
vulnerability |
nvd |
CVE-2026-6349 |
|
2026-04-16 |
| unknown |
CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication ch… |
vulnerability |
nvd |
CVE-2026-40118 |
|
2026-04-16 |
| unknown |
CVE-2025-15621 — Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client do… |
vulnerability |
nvd |
CVE-2025-15621 |
|
2026-04-16 |
| unknown |
CVE-2026-6409 — A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of unt… |
vulnerability |
nvd |
CVE-2026-6409 |
|
2026-04-16 |
| unknown |
CVE-2026-27820 — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3… |
vulnerability |
nvd |
CVE-2026-27820 |
|
2026-04-16 |
| unknown |
CVE-2026-2336 — A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user… |
vulnerability |
nvd |
CVE-2026-2336 |
|
2026-04-16 |
| unknown |
CVE-2025-54510 — A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate… |
vulnerability |
nvd |
CVE-2025-54510 |
|
2026-04-16 |
| unknown |
CVE-2025-54502 — Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a… |
vulnerability |
nvd |
CVE-2025-54502 |
|
2026-04-16 |
| unknown |
CVE-2026-35469 — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and bel… |
vulnerability |
nvd |
CVE-2026-35469 |
|
2026-04-16 |
| unknown |
CVE-2026-39313 — mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 a… |
vulnerability |
nvd |
CVE-2026-39313 |
|
2026-04-16 |
| unknown |
CVE-2026-40308 — My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_… |
vulnerability |
nvd |
CVE-2026-40308 |
|
2026-04-16 |
| unknown |
CVE-2026-40260 — pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XM… |
vulnerability |
nvd |
CVE-2026-40260 |
|
2026-04-17 |
| unknown |
CVE-2026-21719 — An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with… |
vulnerability |
nvd |
CVE-2026-21719 |
|
2026-04-17 |
| unknown |
CVE-2026-35496 — A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an adm… |
vulnerability |
nvd |
CVE-2026-35496 |
|
2026-04-17 |
| unknown |
CVE-2026-6482 — The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack t… |
vulnerability |
nvd |
CVE-2026-6482 |
|
2026-04-17 |
| unknown |
CVE-2025-15622 — Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Archit… |
vulnerability |
nvd |
CVE-2025-15622 |
|
2026-04-17 |
| unknown |
CVE-2025-15623 — Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System In… |
vulnerability |
nvd |
CVE-2025-15623 |
|
2026-04-17 |
| unknown |
CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a… |
vulnerability |
nvd |
CVE-2025-15624 |
|
2026-04-17 |
| unknown |
CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in… |
vulnerability |
nvd |
CVE-2025-15625 |
|
2026-04-17 |
| unknown |
CVE-2026-5131 — GREENmod uses named pipes for communication between plugins, the web portal, and the system service,… |
vulnerability |
nvd |
CVE-2026-5131 |
|
2026-04-17 |
| unknown |
CVE-2026-40319 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMa… |
vulnerability |
nvd |
CVE-2026-40319 |
|
2026-04-17 |
| unknown |
CVE-2026-40320 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the Conform… |
vulnerability |
nvd |
CVE-2026-40320 |
|
2026-04-17 |
| unknown |
CVE-2026-32105 — xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification… |
vulnerability |
nvd |
CVE-2026-32105 |
|
2026-04-17 |
| unknown |
CVE-2026-33516 — xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerabili… |
vulnerability |
nvd |
CVE-2026-33516 |
|
2026-04-17 |
| unknown |
CVE-2026-33689 — xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability… |
vulnerability |
nvd |
CVE-2026-33689 |
|
2026-04-17 |
| unknown |
CVE-2026-35402 — mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions… |
vulnerability |
nvd |
CVE-2026-35402 |
|
2026-04-17 |
| unknown |
CVE-2026-35603 — Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded th… |
vulnerability |
nvd |
CVE-2026-35603 |
|
2026-04-17 |
| unknown |
CVE-2026-40299 — next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p… |
vulnerability |
nvd |
CVE-2026-40299 |
|
2026-04-17 |
| unknown |
CVE-2026-29013 — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher… |
vulnerability |
nvd |
CVE-2026-29013 |
|
2026-04-17 |
| unknown |
CVE-2026-40353 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_… |
vulnerability |
nvd |
CVE-2026-40353 |
|
2026-04-17 |
| unknown |
CVE-2026-40476 — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa… |
vulnerability |
nvd |
CVE-2026-40476 |
|
2026-04-17 |
| unknown |
CVE-2026-5720 — miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remot… |
vulnerability |
nvd |
CVE-2026-5720 |
|
2026-04-17 |
| unknown |
CVE-2026-40481 — monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public S… |
vulnerability |
nvd |
CVE-2026-40481 |
|
2026-04-17 |
| unknown |
CVE-2026-5250 — Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
vulnerability |
nvd |
CVE-2026-5250, CVE-2026-6056, CVE-2026-4872 |
|
2026-04-17 |
| unknown |
CVE-2026-40323 — SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for t… |
vulnerability |
nvd |
CVE-2026-40323 |
|
2026-04-18 |
| unknown |
CVE-2026-40346 — NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris… |
vulnerability |
nvd |
CVE-2026-40346 |
|
2026-04-18 |
| unknown |
CVE-2026-40480 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/perso… |
vulnerability |
nvd |
CVE-2026-40480 |
|
2026-04-18 |
| unknown |
CVE-2026-40482 — ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in… |
vulnerability |
nvd |
CVE-2026-40482 |
|
2026-04-18 |
| unknown |
CVE-2026-40582 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/us… |
vulnerability |
nvd |
CVE-2026-40582 |
|
2026-04-18 |
| unknown |
CVE-2026-40489 — editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsi… |
vulnerability |
nvd |
CVE-2026-40489 |
|
2026-04-18 |
| unknown |
CVE-2026-41242 — protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1… |
vulnerability |
nvd |
CVE-2026-41242 |
|
2026-04-18 |
| unknown |
CVE-2026-32963 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting… |
vulnerability |
nvd |
CVE-2026-32963 |
|
2026-04-20 |
| unknown |
CVE-2026-39454 — SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder… |
vulnerability |
nvd |
CVE-2026-39454 |
|
2026-04-20 |
| unknown |
CVE-2025-13480 — Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain a… |
vulnerability |
nvd |
CVE-2025-13480 |
|
2026-04-20 |
| unknown |
CVE-2026-31429 — In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free o… |
vulnerability |
nvd |
CVE-2026-31429 |
|
2026-04-20 |
| unknown |
CVE-2026-31430 — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access… |
vulnerability |
nvd |
CVE-2026-31430 |
|
2026-04-20 |
| unknown |
CVE-2026-5958 — When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file(… |
vulnerability |
nvd |
CVE-2026-5958 |
|
2026-04-20 |
| unknown |
CVE-2026-6369 — An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.… |
vulnerability |
nvd |
CVE-2026-6369 |
|
2026-04-20 |
| unknown |
CVE-2026-3219 — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is… |
vulnerability |
nvd |
CVE-2026-3219 |
|
2026-04-20 |
| unknown |
CVE-2026-23758 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subjec… |
vulnerability |
nvd |
CVE-2026-23758 |
|
2026-04-20 |
| unknown |
CVE-2025-11249 — Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414. |
vulnerability |
nvd |
CVE-2025-11249 |
|
2026-04-20 |
| unknown |
CVE-2026-32135 — NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have… |
vulnerability |
nvd |
CVE-2026-32135 |
|
2026-04-20 |
| unknown |
CVE-2026-32311 — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr… |
vulnerability |
nvd |
CVE-2026-32311 |
|
2026-04-20 |
| unknown |
CVE-2026-33031 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di… |
vulnerability |
nvd |
CVE-2026-33031 |
|
2026-04-20 |
| unknown |
CVE-2026-33431 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers… |
vulnerability |
nvd |
CVE-2026-33431 |
|
2026-04-20 |
| unknown |
CVE-2026-33432 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions u… |
vulnerability |
nvd |
CVE-2026-33432 |
|
2026-04-20 |
| unknown |
CVE-2026-34403 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end… |
vulnerability |
nvd |
CVE-2026-34403 |
|
2026-04-20 |
| unknown |
CVE-2026-5358 — Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered… |
vulnerability |
nvd |
CVE-2026-5358 |
|
2026-04-20 |
| unknown |
CVE-2026-0930 — Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request.… |
vulnerability |
nvd |
CVE-2026-0930 |
|
2026-04-20 |
| unknown |
CVE-2026-22051 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible… |
vulnerability |
nvd |
CVE-2026-22051 |
|
2026-04-20 |
| unknown |
CVE-2026-34082 — Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/ap… |
vulnerability |
nvd |
CVE-2026-34082 |
|
2026-04-20 |
| unknown |
CVE-2026-34839 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances… |
vulnerability |
nvd |
CVE-2026-34839 |
|
2026-04-21 |
| unknown |
CVE-2026-35587 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Si… |
vulnerability |
nvd |
CVE-2026-35587 |
|
2026-04-21 |
| unknown |
CVE-2026-39388 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao'… |
vulnerability |
nvd |
CVE-2026-39388 |
|
2026-04-21 |
| unknown |
CVE-2026-39861 — Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not preven… |
vulnerability |
nvd |
CVE-2026-39861 |
|
2026-04-21 |
| unknown |
CVE-2026-39946 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when Ope… |
vulnerability |
nvd |
CVE-2026-39946 |
|
2026-04-21 |
| unknown |
CVE-2026-40264 — OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide mul… |
vulnerability |
nvd |
CVE-2026-40264 |
|
2026-04-21 |
| unknown |
CVE-2026-39866 — Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a392144525284… |
vulnerability |
nvd |
CVE-2026-39866 |
|
2026-04-21 |
| unknown |
CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d… |
vulnerability |
nvd |
CVE-2026-40496 |
|
2026-04-21 |
| unknown |
CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req… |
vulnerability |
nvd |
CVE-2025-13826 |
|
2026-04-21 |
| unknown |
CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner… |
vulnerability |
nvd |
CVE-2026-3317 |
|
2026-04-21 |
| unknown |
CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec… |
vulnerability |
nvd |
CVE-2026-41037 |
|
2026-04-21 |
| unknown |
CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass… |
vulnerability |
nvd |
CVE-2026-6553 |
|
2026-04-21 |
| unknown |
CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p… |
vulnerability |
nvd |
CVE-2026-41038 |
|
2026-04-21 |
| unknown |
CVE-2026-41039 — This vulnerability exists in Quantum Networks router due to improper access control and insecure def… |
vulnerability |
nvd |
CVE-2026-41039 |
|
2026-04-21 |
| unknown |
CVE-2026-32147 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla… |
vulnerability |
nvd |
CVE-2026-32147 |
|
2026-04-21 |
| unknown |
CVE-2026-6756 — Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. |
vulnerability |
nvd |
CVE-2026-6756 |
|
2026-04-21 |
| unknown |
CVE-2026-6757 — Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15… |
vulnerability |
nvd |
CVE-2026-6757 |
|
2026-04-21 |
| unknown |
CVE-2026-6762 — Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef… |
vulnerability |
nvd |
CVE-2026-6762 |
|
2026-04-21 |
| unknown |
CVE-2025-10354 — Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows… |
vulnerability |
nvd |
CVE-2025-10354 |
|
2026-04-21 |
| unknown |
CVE-2026-3298 — The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a bounda… |
vulnerability |
nvd |
CVE-2026-3298 |
|
2026-04-21 |
| unknown |
CVE-2026-5789 — Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca… |
vulnerability |
nvd |
CVE-2026-5789 |
|
2026-04-21 |
| unknown |
CVE-2025-41011 — HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re… |
vulnerability |
nvd |
CVE-2025-41011 |
|
2026-04-21 |
| unknown |
CVE-2025-41029 — SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at… |
vulnerability |
nvd |
CVE-2025-41029 |
|
2026-04-21 |
| unknown |
CVE-2026-30452 — Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste… |
vulnerability |
nvd |
CVE-2026-30452 |
|
2026-04-21 |
| unknown |
CVE-2026-38835 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB… |
vulnerability |
nvd |
CVE-2026-38835 |
|
2026-04-21 |
| unknown |
CVE-2026-40570 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu… |
vulnerability |
nvd |
CVE-2026-40570 |
|
2026-04-21 |
| unknown |
CVE-2026-40583 — UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit… |
vulnerability |
nvd |
CVE-2026-40583 |
|
2026-04-21 |
| unknown |
CVE-2026-40599 — ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.… |
vulnerability |
nvd |
CVE-2026-40599, CVE-2026-40604 |
|
2026-04-21 |
| unknown |
CVE-2026-40614 — PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier,… |
vulnerability |
nvd |
CVE-2026-40614, CVE-2026-40892 |
|
2026-04-21 |
| unknown |
CVE-2026-40865 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir… |
vulnerability |
nvd |
CVE-2026-40865, CVE-2026-40866 |
|
2026-04-21 |
| unknown |
CVE-2026-40867 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access… |
vulnerability |
nvd |
CVE-2026-40867 |
|
2026-04-21 |
| unknown |
CVE-2026-41456 — Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se… |
vulnerability |
nvd |
CVE-2026-41456 |
|
2026-04-21 |
| unknown |
CVE-2026-33813 — Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. |
vulnerability |
nvd |
CVE-2026-33813 |
|
2026-04-21 |
| unknown |
CVE-2026-40872 — mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20… |
vulnerability |
nvd |
CVE-2026-40872, CVE-2026-40873, CVE-2026-40874, CVE-2026-40875, CVE-2026-40878 |
|
2026-04-21 |
| unknown |
CVE-2026-40876 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape… |
vulnerability |
nvd |
CVE-2026-40876 |
|
2026-04-21 |
| unknown |
CVE-2026-40880 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve… |
vulnerability |
nvd |
CVE-2026-40880 |
|
2026-04-21 |
| unknown |
CVE-2026-40881 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers… |
vulnerability |
nvd |
CVE-2026-40881 |
|
2026-04-21 |
| unknown |
CVE-2026-40883 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross… |
vulnerability |
nvd |
CVE-2026-40883 |
|
2026-04-21 |
| unknown |
CVE-2026-40888 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an… |
vulnerability |
nvd |
CVE-2026-40888 |
|
2026-04-21 |
| unknown |
CVE-2025-70420 — A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at… |
vulnerability |
nvd |
CVE-2025-70420 |
|
2026-04-21 |
| unknown |
CVE-2026-40895 — follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a… |
vulnerability |
nvd |
CVE-2026-40895 |
|
2026-04-21 |
| unknown |
CVE-2026-40939 — The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F… |
vulnerability |
nvd |
CVE-2026-40939, CVE-2026-40942 |
|
2026-04-21 |
| unknown |
CVE-2026-40943 — Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session… |
vulnerability |
nvd |
CVE-2026-40943 |
|
2026-04-21 |
| unknown |
CVE-2026-40944 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in… |
vulnerability |
nvd |
CVE-2026-40944 |
|
2026-04-21 |
| unknown |
CVE-2026-40945 — Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t… |
vulnerability |
nvd |
CVE-2026-40945 |
|
2026-04-21 |
| unknown |
CVE-2026-40946 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider… |
vulnerability |
nvd |
CVE-2026-40946 |
|
2026-04-21 |
| unknown |
CVE-2026-3307 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att… |
vulnerability |
nvd |
CVE-2026-3307 |
|
2026-04-21 |
| unknown |
CVE-2026-4296 — An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe… |
vulnerability |
nvd |
CVE-2026-4296 |
|
2026-04-21 |
| unknown |
CVE-2026-4821 — An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser… |
vulnerability |
nvd |
CVE-2026-4821 |
|
2026-04-21 |
| unknown |
CVE-2026-5512 — An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a… |
vulnerability |
nvd |
CVE-2026-5512 |
|
2026-04-21 |
| unknown |
CVE-2026-5845 — An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu… |
vulnerability |
nvd |
CVE-2026-5845 |
|
2026-04-21 |
| unknown |
CVE-2026-5921 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a… |
vulnerability |
nvd |
CVE-2026-5921 |
|
2026-04-21 |
| unknown |
CVE-2026-40343 — free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generat… |
vulnerability |
nvd |
CVE-2026-40343 |
|
2026-04-22 |
| unknown |
CVE-2026-41128 — Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer… |
vulnerability |
nvd |
CVE-2026-41128 |
|
2026-04-22 |
| unknown |
CVE-2026-41129 — Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.… |
vulnerability |
nvd |
CVE-2026-41129 |
|
2026-04-22 |
| unknown |
CVE-2026-41130 — Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the… |
vulnerability |
nvd |
CVE-2026-41130 |
|
2026-04-22 |
| unknown |
CVE-2026-41136 — free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source proj… |
vulnerability |
nvd |
CVE-2026-41136 |
|
2026-04-22 |
| unknown |
CVE-2026-40344 — MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio… |
vulnerability |
nvd |
CVE-2026-40344, CVE-2026-41145 |
|
2026-04-22 |
| unknown |
CVE-2026-41146 — facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9… |
vulnerability |
nvd |
CVE-2026-41146 |
|
2026-04-22 |
| unknown |
CVE-2026-41457 — OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi… |
vulnerability |
nvd |
CVE-2026-41457 |
|
2026-04-22 |
| unknown |
CVE-2026-41458 — OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h… |
vulnerability |
nvd |
CVE-2026-41458 |
|
2026-04-22 |
| unknown |
CVE-2026-5398 — The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c… |
vulnerability |
nvd |
CVE-2026-5398 |
|
2026-04-22 |
| unknown |
CVE-2026-6386 — In order to apply a particular protection key to an address range, the kernel must update the corres… |
vulnerability |
nvd |
CVE-2026-6386 |
|
2026-04-22 |
| unknown |
CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln… |
vulnerability |
nvd |
CVE-2026-40451 |
|
2026-04-22 |
| unknown |
CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli… |
vulnerability |
nvd |
CVE-2026-40542 |
|
2026-04-22 |
| unknown |
CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o… |
vulnerability |
nvd |
CVE-2026-31431 |
|
2026-04-22 |
| unknown |
CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN… |
vulnerability |
nvd |
CVE-2026-31432 |
|
2026-04-22 |
| unknown |
CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_… |
vulnerability |
nvd |
CVE-2026-31433 |
|
2026-04-22 |
| unknown |
CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att… |
vulnerability |
nvd |
CVE-2026-0539 |
|
2026-04-22 |
| unknown |
CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.… |
vulnerability |
nvd |
CVE-2026-31192 |
|
2026-04-22 |
| unknown |
CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name… |
vulnerability |
nvd |
CVE-2026-31434 |
|
2026-04-22 |
| unknown |
CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri… |
vulnerability |
nvd |
CVE-2026-31435 |
|
2026-04-22 |
| unknown |
CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr… |
vulnerability |
nvd |
CVE-2026-31436 |
|
2026-04-22 |
| unknown |
CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere… |
vulnerability |
nvd |
CVE-2026-31437 |
|
2026-04-22 |
| unknown |
CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l… |
vulnerability |
nvd |
CVE-2026-31438 |
|
2026-04-22 |
| unknown |
CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg… |
vulnerability |
nvd |
CVE-2026-31439 |
|
2026-04-22 |
| unknown |
CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve… |
vulnerability |
nvd |
CVE-2026-31440 |
|
2026-04-22 |
| unknown |
CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak… |
vulnerability |
nvd |
CVE-2026-31441 |
|
2026-04-22 |
| unknown |
CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in… |
vulnerability |
nvd |
CVE-2026-31442 |
|
2026-04-22 |
| unknown |
CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when… |
vulnerability |
nvd |
CVE-2026-31443 |
|
2026-04-22 |
| unknown |
CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU… |
vulnerability |
nvd |
CVE-2026-31444 |
|
2026-04-22 |
| unknown |
CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half… |
vulnerability |
nvd |
CVE-2026-31445 |
|
2026-04-22 |
| unknown |
CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda… |
vulnerability |
nvd |
CVE-2026-31446 |
|
2026-04-22 |
| unknown |
CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w… |
vulnerability |
nvd |
CVE-2026-31447 |
|
2026-04-22 |
| unknown |
CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause… |
vulnerability |
nvd |
CVE-2026-31448 |
|
2026-04-22 |
| unknown |
CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e… |
vulnerability |
nvd |
CVE-2026-31449 |
|
2026-04-22 |
| unknown |
CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper… |
vulnerability |
nvd |
CVE-2026-31451 |
|
2026-04-22 |
| unknown |
CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext… |
vulnerability |
nvd |
CVE-2026-31452 |
|
2026-04-22 |
| unknown |
CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite… |
vulnerability |
nvd |
CVE-2026-31453 |
|
2026-04-22 |
| unknown |
CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t… |
vulnerability |
nvd |
CVE-2026-31454 |
|
2026-04-22 |
| unknown |
CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing… |
vulnerability |
nvd |
CVE-2026-31455 |
|
2026-04-22 |
| unknown |
CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->… |
vulnerability |
nvd |
CVE-2026-31457, CVE-2026-31458 |
|
2026-04-22 |
| unknown |
CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le… |
vulnerability |
nvd |
CVE-2026-31459 |
|
2026-04-22 |
| unknown |
CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA… |
vulnerability |
nvd |
CVE-2026-31462 |
|
2026-04-22 |
| unknown |
CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access… |
vulnerability |
nvd |
CVE-2026-31463 |
|
2026-04-22 |
| unknown |
CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in… |
vulnerability |
nvd |
CVE-2026-31464 |
|
2026-04-22 |
| unknown |
CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for… |
vulnerability |
nvd |
CVE-2026-31465 |
|
2026-04-22 |
| unknown |
CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't… |
vulnerability |
nvd |
CVE-2026-31466 |
|
2026-04-22 |
| unknown |
CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c… |
vulnerability |
nvd |
CVE-2026-31467 |
|
2026-04-22 |
| unknown |
CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma… |
vulnerability |
nvd |
CVE-2026-31468 |
|
2026-04-22 |
| unknown |
CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w… |
vulnerability |
nvd |
CVE-2026-31469 |
|
2026-04-22 |
| unknown |
CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of… |
vulnerability |
nvd |
CVE-2026-31470 |
|
2026-04-22 |
| unknown |
CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d… |
vulnerability |
nvd |
CVE-2026-31471 |
|
2026-04-22 |
| unknown |
CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4… |
vulnerability |
nvd |
CVE-2026-31472 |
|
2026-04-22 |
| unknown |
CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI… |
vulnerability |
nvd |
CVE-2026-31473 |
|
2026-04-22 |
| unknown |
CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after… |
vulnerability |
nvd |
CVE-2026-31474 |
|
2026-04-22 |
| unknown |
CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o… |
vulnerability |
nvd |
CVE-2026-31475 |
|
2026-04-22 |
| unknown |
CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on… |
vulnerability |
nvd |
CVE-2026-31476 |
|
2026-04-22 |
| unknown |
CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL… |
vulnerability |
nvd |
CVE-2026-31477 |
|
2026-04-22 |
| unknown |
CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le… |
vulnerability |
nvd |
CVE-2026-31478 |
|
2026-04-22 |
| unknown |
CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock… |
vulnerability |
nvd |
CVE-2026-31480 |
|
2026-04-22 |
| unknown |
CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger… |
vulnerability |
nvd |
CVE-2026-31481 |
|
2026-04-22 |
| unknown |
CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o… |
vulnerability |
nvd |
CVE-2026-31482 |
|
2026-04-22 |
| unknown |
CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound… |
vulnerability |
nvd |
CVE-2026-31483 |
|
2026-04-22 |
| unknown |
CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in… |
vulnerability |
nvd |
CVE-2026-31484 |
|
2026-04-22 |
| unknown |
CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown… |
vulnerability |
nvd |
CVE-2026-31485 |
|
2026-04-22 |
| unknown |
CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu… |
vulnerability |
nvd |
CVE-2026-31486 |
|
2026-04-22 |
| unknown |
CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override… |
vulnerability |
nvd |
CVE-2026-31487 |
|
2026-04-22 |
| unknown |
CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put… |
vulnerability |
nvd |
CVE-2026-31489 |
|
2026-04-22 |
| unknown |
CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in… |
vulnerability |
nvd |
CVE-2026-31490 |
|
2026-04-22 |
| unknown |
CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula… |
vulnerability |
nvd |
CVE-2026-31491 |
|
2026-04-22 |
| unknown |
CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c… |
vulnerability |
nvd |
CVE-2026-31492 |
|
2026-04-22 |
| unknown |
CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion… |
vulnerability |
nvd |
CVE-2026-31493 |
|
2026-04-22 |
| unknown |
CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue… |
vulnerability |
nvd |
CVE-2026-31494 |
|
2026-04-22 |
| unknown |
CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin… |
vulnerability |
nvd |
CVE-2026-31495 |
|
2026-04-22 |
| unknown |
CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:… |
vulnerability |
nvd |
CVE-2026-31496 |
|
2026-04-22 |
| unknown |
CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts… |
vulnerability |
nvd |
CVE-2026-31497 |
|
2026-04-22 |
| unknown |
CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in… |
vulnerability |
nvd |
CVE-2026-31498 |
|
2026-04-22 |
| unknown |
CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i… |
vulnerability |
nvd |
CVE-2026-31499 |
|
2026-04-22 |
| unknown |
CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt… |
vulnerability |
nvd |
CVE-2026-31500 |
|
2026-04-22 |
| unknown |
CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a… |
vulnerability |
nvd |
CVE-2026-31501 |
|
2026-04-22 |
| unknown |
CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus… |
vulnerability |
nvd |
CVE-2026-31502 |
|
2026-04-22 |
| unknown |
CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict… |
vulnerability |
nvd |
CVE-2026-31503 |
|
2026-04-22 |
| unknown |
CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re… |
vulnerability |
nvd |
CVE-2026-31504 |
|
2026-04-22 |
| unknown |
CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i… |
vulnerability |
nvd |
CVE-2026-31505 |
|
2026-04-22 |
| unknown |
CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of… |
vulnerability |
nvd |
CVE-2026-31506 |
|
2026-04-22 |
| unknown |
CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_… |
vulnerability |
nvd |
CVE-2026-31507 |
|
2026-04-22 |
| unknown |
CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin… |
vulnerability |
nvd |
CVE-2026-31508 |
|
2026-04-22 |
| unknown |
CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d… |
vulnerability |
nvd |
CVE-2026-31509 |
|
2026-04-22 |
| unknown |
CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po… |
vulnerability |
nvd |
CVE-2026-31511 |
|
2026-04-22 |
| unknown |
CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l… |
vulnerability |
nvd |
CVE-2026-31512 |
|
2026-04-22 |
| unknown |
CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-… |
vulnerability |
nvd |
CVE-2026-31513 |
|
2026-04-22 |
| unknown |
CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in… |
vulnerability |
nvd |
CVE-2026-31514 |
|
2026-04-22 |
| unknown |
CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk… |
vulnerability |
nvd |
CVE-2026-31515 |
|
2026-04-22 |
| unknown |
CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor… |
vulnerability |
nvd |
CVE-2026-31516 |
|
2026-04-22 |
| unknown |
CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic… |
vulnerability |
nvd |
CVE-2026-31517 |
|
2026-04-22 |
| unknown |
CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp… |
vulnerability |
nvd |
CVE-2026-31518 |
|
2026-04-22 |
| unknown |
CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE… |
vulnerability |
nvd |
CVE-2026-31519 |
|
2026-04-22 |
| unknown |
CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in… |
vulnerability |
nvd |
CVE-2026-31520 |
|
2026-04-22 |
| unknown |
CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a… |
vulnerability |
nvd |
CVE-2026-31521 |
|
2026-04-22 |
| unknown |
CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le… |
vulnerability |
nvd |
CVE-2026-31522 |
|
2026-04-22 |
| unknown |
CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a… |
vulnerability |
nvd |
CVE-2026-31523 |
|
2026-04-22 |
| unknown |
CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in… |
vulnerability |
nvd |
CVE-2026-31524 |
|
2026-04-22 |
| unknown |
CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i… |
vulnerability |
nvd |
CVE-2026-31525 |
|
2026-04-22 |
| unknown |
CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che… |
vulnerability |
nvd |
CVE-2026-31526 |
|
2026-04-22 |
| unknown |
CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener… |
vulnerability |
nvd |
CVE-2026-31527 |
|
2026-04-22 |
| unknown |
CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->… |
vulnerability |
nvd |
CVE-2026-31528 |
|
2026-04-22 |
| unknown |
CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con… |
vulnerability |
nvd |
CVE-2026-31529 |
|
2026-04-22 |
| unknown |
CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of… |
vulnerability |
nvd |
CVE-2026-31530 |
|
2026-04-22 |
| unknown |
CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica… |
vulnerability |
nvd |
CVE-2026-5749 |
|
2026-04-22 |
| unknown |
CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all… |
vulnerability |
nvd |
CVE-2026-5750 |
|
2026-04-22 |
| unknown |
CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive… |
vulnerability |
nvd |
CVE-2026-6355 |
|
2026-04-22 |
| unknown |
CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o… |
vulnerability |
nvd |
CVE-2026-6356 |
|
2026-04-22 |
| unknown |
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2026-41254 |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-20 |
| unknown |
CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-20 |
| unknown |
CVE-2026-5160 |
advisory |
vendor-blogs |
|
|
2026-04-19 |
| unknown |
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure |
advisory |
vendor-blogs |
|
|
2026-04-19 |
| unknown |
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() |
advisory |
vendor-blogs |
|
|
2026-04-19 |
| unknown |
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks |
advisory |
vendor-blogs |
|
|
2026-04-19 |
| unknown |
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero |
advisory |
vendor-blogs |
|
|
2026-04-19 |
| unknown |
Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6363 Type Confusion in V8 |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6359 Use after free in Video |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6364 Out of bounds read in Skia |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6362 Use after free in Codecs |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6314 Out of bounds write in GPU |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6361 Heap buffer overflow in PDFium |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6310 Use after free in Dawn |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6360 Use after free in FileSystem |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6316 Use after free in Forms |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6309 Use after free in Viz |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6311 Uninitialized Use in Accessibility |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6307 Type Confusion in Turbofan |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6308 Out of bounds read in Media |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6300 Use after free in CSS |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6304 Use after free in Graphite |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6317 Use after free in Cast |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6298 Heap buffer overflow in Skia |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6297 Use after free in Proxy |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
Chromium: CVE-2026-6299 Use after free in Prerender |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-35469 SpdyStream: DOS on CRI |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted() |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-41035 |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group |
advisory |
vendor-blogs |
|
|
2026-04-17 |
| unknown |
CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability |
advisory |
vendor-blogs |
|
|
2026-04-16 |
| unknown |
Bad Apples: Weaponizing native macOS primitives for movement and execution |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
Foxit, LibRaw vulnerabilities |
advisory |
vendor-blogs |
|
|
2026-04-16 |
| unknown |
The Q1 vulnerability pulse |
advisory |
vendor-blogs |
|
|
2026-04-16 |
| unknown |
More than pretty pictures: Wendy Bishop on visual storytelling in tech |
advisory |
vendor-blogs |
|
|
2026-04-16 |
| unknown |
SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
TXOne introduces Stellar Discover to extend OT security from discovery to risk insight |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
WEF urges intelligence sharing as port cyber threats outpace siloed defences |
advisory |
vendor-blogs |
|
|
2026-04-20 |
| unknown |
New GoGra malware for Linux uses Microsoft Graph API for comms |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Microsoft releases emergency patches for critical ASP.NET flaw |
news |
general-news |
|
|
2026-04-22 |
| unknown |
French govt agency confirms breach as hacker offers to sell data |
news |
general-news |
|
|
2026-04-21 |
| unknown |
New Lotus data wiper used against Venezuelan energy, utility firms |
news |
general-news |
|
|
2026-04-21 |
| unknown |
CISA flags new SD-WAN flaw as actively exploited in attacks |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers |
news |
general-news |
|
|
2026-04-21 |
| unknown |
NGate Android malware uses HandyPay NFC app to steal card data |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Toxic Combinations: When Cross-App Permissions Stack into Risk |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape |
news |
general-news |
|
|
2026-04-22 |
| unknown |
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters |
news |
general-news |
|
|
2026-04-21 |
| unknown |
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution |
news |
general-news |
|
|
2026-04-21 |
| unknown |
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines |
news |
general-news |
|
|
2026-04-21 |
| unknown |
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More |
news |
general-news |
|
|
2026-04-20 |
| unknown |
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials |
news |
general-news |
|
|
2026-04-20 |
| unknown |
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims |
news |
general-news |
|
|
2026-04-18 |
| unknown |
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions |
news |
general-news |
|
|
2026-04-17 |
| unknown |
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation |
news |
general-news |
|
|
2026-04-17 |
| unknown |
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution |
news |
general-news |
|
|
2026-04-16 |
| unknown |
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign |
news |
general-news |
|
|
2026-04-16 |
| unknown |
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Exploits Turn Windows Defender Into Attacker Tool |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Vercel Employee's AI Tool Access Led to Data Breach |
news |
general-news |
|
|
2026-04-20 |
| unknown |
Serial-to-IP Devices Hide Thousands of Old & New Bugs |
news |
general-news |
|
|
2026-04-20 |
| unknown |
WhatsApp Leaks User Metadata to Attackers |
news |
general-news |
|
|
2026-04-20 |
| unknown |
Every Old Vulnerability Is Now an AI Vulnerability |
news |
general-news |
|
|
2026-04-17 |
| unknown |
Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs |
news |
general-news |
|
transport |
2026-04-17 |
| unknown |
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities |
news |
general-news |
|
|
2026-04-16 |
| unknown |
North Korea Uses ClickFix to Target macOS Users' Data |
news |
general-news |
|
|
2026-04-16 |
| unknown |
'Harmless' Global Adware Transforms Into an AV Killer |
news |
general-news |
|
|
2026-04-16 |
| unknown |
Microsoft's Original Windows Secure Boot Certificate Is Expiring |
news |
general-news |
|
|
2026-04-16 |
| unknown |
Critical MCP Integration Flaw Puts NGINX at Risk |
news |
general-news |
|
|
2026-04-15 |
| unknown |
After Bluesky, Mastodon Targeted in DDoS Attack |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says |
news |
general-news |
|
|
2026-04-22 |
| unknown |
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention |
news |
general-news |
|
|
2026-04-22 |
| unknown |
North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Oracle Patches 450 Vulnerabilities With April 2026 CPU |
news |
general-news |
|
|
2026-04-22 |
| unknown |
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Trojanized Android App Fuels New Wave of NFC Fraud |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection |
news |
general-news |
|
|
2026-04-20 |
| unknown |
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience |
news |
general-news |
|
|
2026-04-20 |
| unknown |
Commercial AI Models Show Rapid Gains in Vulnerability Research |
news |
general-news |
|
|
2026-04-17 |
| unknown |
APK Malformation Found in Thousands of Android Malware Samples |
news |
general-news |
|
|
2026-04-16 |
| unknown |
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities |
news |
general-news |
|
|
2026-04-16 |
| unknown |
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads |
news |
general-news |
|
|
2026-04-16 |
| unknown |
UK cyber agency handling four major incidents a week as nation-state attacks surge |
news |
general-news |
|
|
2026-04-22 |
| unknown |
The AI era demands a different kind of CISO |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Mythos can find the vulnerability. It can’t tell you what to do about it. |
news |
general-news |
|
|
2026-04-21 |
| unknown |
Vercel’s security breach started with malware disguised as Roblox cheats |
news |
general-news |
|
|
2026-04-20 |
| unknown |
Network ‘background noise’ may predict the next big edge-device vulnerability |
news |
general-news |
|
|
2026-04-20 |