# OSINT Threat Intelligence Report

**Date:** 2026-04-23 | **Generated:** 2026-04-23T03:00:26.198Z | **Items:** 412 | **Range:** daily

## Sources
| Source | Count |
|--------|-------|
| cisa-kev | 7 |
| otx | 33 |
| cisa-advisories | 18 |
| vendor-blogs | 87 |
| nvd | 1071 |
| malware-bazaar | 16 |
| abuse-ipdb | 20 |
| threatfox | 2 |
| general-news | 96 |

## Top 10 Highlights
| Severity | Title | Source | CVEs | Tags |
|----------|-------|--------|------|------|
| critical | CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t… | nvd | CVE-2026-4119 |  |
| critical | CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma… | nvd | CVE-2026-6235 |  |
| critical | CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca… | nvd | CVE-2026-31460 | ransomware |
| critical | CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le… | nvd | CVE-2026-31461 | ransomware |
| critical | CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr… | nvd | CVE-2026-31488 | ransomware |
| critical | CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o… | nvd | CVE-2026-6356 |  |
| critical | CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability… | nvd | CVE-2026-34415 |  |
| critical | CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve… | nvd | CVE-2026-33471 |  |
| critical | CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo… | nvd | CVE-2026-33656 |  |
| critical | CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A… | nvd | CVE-2026-41167 | rce |

## All Items
| Severity | Title | Category | Source | Tags | Published |
|----------|-------|----------|--------|------|-----------|
| critical | CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca… | vulnerability | nvd | ransomware | 2026-04-22 |
| critical | CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le… | vulnerability | nvd | ransomware | 2026-04-22 |
| critical | CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr… | vulnerability | nvd | ransomware | 2026-04-22 |
| critical | CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo… | vulnerability | nvd |  | 2026-04-22 |
| critical | CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A… | vulnerability | nvd | rce | 2026-04-22 |
| critical | CVE-2026-41208 — Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business.… | vulnerability | nvd | rce | 2026-04-23 |
| critical | ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks | advisory | vendor-blogs | ransomware | 2026-04-22 |
| critical | payload_delivery: undefined | threat-intel | threatfox | ClearFake, StrelaStealer, Mirai, ClickFix, compromised, etherhiding, Polygon, Vidar, WordPress, SocGholish, Loki, storj, .NET, VDSINA, SmartLoader, Kongtuke, darkcomet, CobaltStrike, drb-ra, ProxyBox, Socks5 Systemz, ACR Stealer, Mozi, c2, r88vry, LokiBot, Android, banker, Kutxabank, NFCGate, NGate, Spain, Unicaja, ndroid, phish, 22April2026, Commandline, Windows, AS199968, DarkCloud, Internet Domain Service BS Corp., IWS NETWORKS LLC, subdomain, CastleLoader, finger-delivery, tcp79, trojan, ViriBack, RAT, ValleyRAT, RedLineStealer, Agentemis, Beacon, Cobalt Strike, cobeacon, RapidStealer, remcos, Gafgyt, ConnectBack, glassworm, Wave3, wallet-trojan, calendar-c2, infostealer stealer, opiusra, EnmityStealer, 1xxbot, ArechClient, SectopRAT, Stealc, CinaRAT, Quasar RAT, QuasarRAT, Yggdrasil, BotManager, MaskGramStealer, 21April2026, conhost-headless, finger-tcp79, fingerfix, win.fingerfix, AS15169, hak5, AS14618, AS14061, AS9123, cs-watermark-987654321, cs-watermark-100000, Fake Zoom, ScreenConnect, VBScript, Fake Microsoft Teams, Fake Adobe, SSA, ErrTraffic, Lumma, XWorm, GDrive, grpc, msi, NodeJS, TOR, NanoCore, dcrat, Steal, RemcosRAT, ExtRat, Xtreme RAT, AS24940, CHAOS, Hetzner Online GmbH, kimwolf, Discord, cs-watermark-666666, macOS, stealer, FrostStealer, etherhide, polygon-contract-stored-c2, 20April2026, Fake-Claude, Nancrat, NanoCore RAT, PureHVNC, PureRAT, AS202412, jarm-cluster, Omegatech, cluster25, sliver, clickfix-cluster, phishing, AS8075, Microsoft Corporation, Supershell, EXT, Fake Claude, ACRStealer, OffLoader, AISURU, exe, DGA, valleyrat_s2, REMPROXY, CrystalX, DeepLoad, AS205775, NEON CORE NETWORK LLC, Bot Manager, pw-ryos, DDNS, Fake Adobe Reader, Fake DocuSign, payload, Fake Google Meet, cs-watermark-305419896, cs-watermark-666666666, cs-watermark-391144938, DarkCrystal RAT, 18April2026, AS216084, itystealer, Kerem Uluboy, Access2.IT Network, AS208258, zabbix, AS64439, borz, RocketCloud.ru, honeypot, WebDav, botnet, controller, ssh, Amnesia Panel, Web Panel, NetSupport, asyncrat, garble, go, midie, sideload-asus, AS56971, AS56971 Cloud, UNAM, Amos, asar, atomic, wallet-injection, applescript, keystone-persistence, Loader, Vjw0rm, PhantomGate, SantaStealer, rmm, simplehelp, deerstealer, njrat, a10fsw, SHubStealer, Farfli, APT, kimsuky, DPRK, Lazarus, ESP, geo, GCleaner, SilentNet, 17April2026, KermitRAT, Breut, Fynloski, klovbot, Remvio, Socmer, tofsee, IClickFix, NetSupport RAT, ZigClipper, domain, Lumma Stealer, Mirax, 16April2026, infostealer, AS328543, Sun Network Company Limited, RedTigerStealer, WeedHack, Havoc, d0b0p, Lorikazz, AS932, XNNET LLC, SmartApeSG, AgingFly, UKR, odiznrio, Patchwork, cs-watermark-1234567890, quasar, dropped-by-vidar, exfil, FlagStealer, 15April2026, apt | 2026-04-23 |
| critical | New Mirai campaign exploits RCE flaw in EoL D-Link routers | news | general-news | botnet, rce | 2026-04-22 |
| critical | Kyber ransomware gang toys with post-quantum encryption on Windows | news | general-news | ransomware | 2026-04-22 |
| critical | Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks | news | general-news | zeroday | 2026-04-22 |
| critical | Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles | news | general-news | apt, botnet | 2026-04-22 |
| critical | 'The Gentlemen' Rapidly Rises to Ransomware Prominence | news | general-news | ransomware | 2026-04-22 |
| critical | Google Antigravity in Crosshairs of Security Researchers, Cybercriminals | news | general-news | rce | 2026-04-22 |
| critical | Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang | news | general-news | ransomware | 2026-04-22 |
| high | CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/se… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is… | vulnerability | nvd | rce | 2026-04-22 |
| high | CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading… | vulnerability | nvd | rce | 2026-04-22 |
| high | CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi… | vulnerability | nvd | botnet | 2026-04-22 |
| high | CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co… | vulnerability | nvd | botnet | 2026-04-22 |
| high | CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem… | vulnerability | nvd | botnet | 2026-04-22 |
| high | CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d… | vulnerability | nvd | botnet | 2026-04-22 |
| high | CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query. | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-41651 — PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way us… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-35548 — An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-35338 — A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-35341 — A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions o… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-35352 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreut… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-35368 — A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. T… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-4922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-5262 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-5816 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-26354 — Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-34413 — Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in th… | vulnerability | nvd | rce | 2026-04-22 |
| high | CVE-2026-34414 — Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in t… | vulnerability | nvd | rce | 2026-04-22 |
| high | CVE-2026-41468 — Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbo… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-34063 — Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `n… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-34065 — nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-33733 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-40882 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-40937 — RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notif… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-41166 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `w… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-40517 — radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars()… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-41175 — Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-41454 — WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoin… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-41455 — WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL ha… | vulnerability | nvd |  | 2026-04-22 |
| high | CVE-2026-3621 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve… | vulnerability | nvd |  | 2026-04-23 |
| high | CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow a… | vulnerability | nvd |  | 2026-04-23 |
| high | CVE-2026-41180 — PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload… | vulnerability | nvd |  | 2026-04-23 |
| high | sport.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | pace.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | Indeed.bat | malware | malware-bazaar | bat | 2026-04-23 |
| high | ENJOY.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | SIMPLY.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | roughly.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | rail.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | Lunch.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | Jump.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | Gold.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | 102214433.dll | malware | malware-bazaar | exe, Generic | 2026-04-23 |
| high | Earn.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | 57E2D4450641AFB778B17A9348AE707F.exe | malware | malware-bazaar | exe, Loki | 2026-04-23 |
| high | vpuuaqjs.dll | malware | malware-bazaar | dll | 2026-04-23 |
| high | perfect.ps1 | malware | malware-bazaar | ps1 | 2026-04-23 |
| high | explorer.exe | malware | malware-bazaar | exe | 2026-04-23 |
| high | APT Group Expands Toolset With New GoGra Linux Backdoor | threat-intel | otx | graphon, south asia espionage, cross-platform, gogra, linux backdoor, microsoft graph api, azure ad abuse, nation-state, apt, phishing, botnet | 2026-04-22 |
| high | Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained | threat-intel | otx | rust, virtualization, chacha8, hyper-v, vmware, esxi, cross-platform, kyber, ransomware | 2026-04-22 |
| high | TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation | threat-intel | otx | crypto clipper, twizadmin, multi-platform, russian-speaking, infostealer, crpx0, maas, ransomware, cryptocurrency theft, phishing, botnet | 2026-04-22 |
| high | New npm supply-chain attack self-spreads to steal auth tokens | news | general-news | supply-chain | 2026-04-22 |
| high | Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain | news | general-news | supply-chain | 2026-04-22 |
| high | Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens | news | general-news | supply-chain | 2026-04-22 |
| high | Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API | news | general-news | botnet | 2026-04-22 |
| high | Mirai Botnet Targets Flaw in Discontinued D-Link Routers | news | general-news | botnet | 2026-04-22 |
| high | Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data | news | general-news | supply-chain | 2026-04-22 |
| medium | CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6839 — Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers… | vulnerability | nvd | ransomware | 2026-04-22 |
| medium | CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin… | vulnerability | nvd | ransomware | 2026-04-22 |
| medium | CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive… | vulnerability | nvd | ransomware | 2026-04-22 |
| medium | CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of error responses over a sing… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2025-58922 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-30139 — A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpe… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2025-0186 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2025-3922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2025-6016 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-1660 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-32885 — DDEV is an open-source tool for running local web development environments for PHP and Node.js. Vers… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35339 — The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35340 — A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35345 — A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive fil… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35347 — The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before p… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35348 — The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from o… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35349 — A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protect… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35350 — The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership pr… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35351 — The mv utility in uutils coreutils fails to preserve file ownership during moves across different fi… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35354 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils d… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35355 — The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) rac… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35356 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreut… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35357 — The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destin… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35358 — The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats charac… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35359 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows a… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35360 — The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35363 — A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms inte… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35364 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35365 — The mv utility in uutils coreutils improperly handles directory trees containing symbolic links duri… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35366 — The printenv utility in uutils coreutils fails to display environment variables containing invalid U… | vulnerability | nvd | ransomware | 2026-04-22 |
| medium | CVE-2026-35369 — An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35370 — The id utility in uutils coreutils miscalculates the groups= section of its output. The implementati… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35372 — A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic lin… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35374 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutil… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35376 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutil… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-35380 — A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-3254 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-6515 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41459 — Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41469 — Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loadin… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-34062 — nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCode… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-34064 — nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to versio… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-34066 — nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-34067 — nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2026-41170 — Squidex is an open source headless content management system and content management hub. Prior to ve… | vulnerability | nvd |  | 2026-04-22 |
| medium | CVE-2025-36074 — IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-1274 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-1352 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-4917 — IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-4918 — IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-4919 — IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-1923 — The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc… | vulnerability | nvd |  | 2026-04-23 |
| medium | CVE-2026-41182 — LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.… | vulnerability | nvd |  | 2026-04-23 |
| medium | IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist | advisory | vendor-blogs | phishing | 2026-04-22 |
| medium | payload: undefined | threat-intel | threatfox | .NET, stage3, CLR-host, stage2, ClickFix, garble, go, EnmityStealer, finger-tcp79, fingerfix, win.fingerfix, finger-delivery, Mirax | 2026-04-23 |
| medium | FormBook Malware Uses Phishing, DLL Side-Loading, JavaScript | threat-intel | otx | formbook, mandark, syscall evasion, obfuscated javascript, data-stealing, panthomvai, mandark loader, ntdll mapping, phishing campaigns, dll side-loading, phishing | 2026-04-22 |
| medium | Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis | threat-intel | otx | cmstplua-uac-bypass, azure-trusted-signing, cryptor-as-a-service, dll-sideloading, etw-patching, amsi-bypass, screenconnect, fudcrypt, botnet | 2026-04-22 |
| medium | March 2026 Phishing Email Trends Report | threat-intel | otx | agenttesla, phishing email, trojan campaigns, fake invoices, remcosrat, script-based attacks, credential theft, html phishing, phishing, botnet, infostealer | 2026-04-22 |
| medium | Surge in Silent Subject Phishing Attacks Targets VIP Users | news | general-news | phishing | 2026-04-22 |
| low | CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-33597 — PRSD detection denial of service | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2025-9957 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35342 — The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35343 — The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newlin… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35344 — The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditio… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35346 — The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35353 — The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by crea… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35361 — The mknod utility in uutils coreutils fails to handle security labels atomically by creating device… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35362 — The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Ti… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35367 — The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35371 — The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35373 — A logic error in the ln utility of uutils coreutils causes the program to reject source paths contai… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35375 — A logic error in the split utility of uutils coreutils causes the corruption of output filenames whe… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35377 — A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-lin… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35378 — A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized s… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35379 — A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:g… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-35381 — A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delim… | vulnerability | nvd |  | 2026-04-22 |
| low | CVE-2026-1272 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CISA Adds One Known Exploited Vulnerability to Catalog | advisory | cisa-advisories |  | 2026-04-22 |
| unknown | CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-35382 — Rejected reason: Voluntarily withdrawn | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-28950 — A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iP… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-3673 — An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript executi… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-6019 — http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-3837 — An authenticated attacker can persist crafted values in multiple field types and trigger client-side… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-41134 — Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a cod… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-41168 — pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-41171 — Squidex is an open source headless content management system and content management hub. Versions pr… | vulnerability | nvd |  | 2026-04-22 |
| unknown | CVE-2026-1726 — IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-29198 — In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-32679 — The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-40062 — A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41176 — Rclone is a command-line program to sync files and directories to and from different cloud storage p… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41196 — Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41197 — Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41200 — STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) a… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41206 — PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41211 — Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-41243 — OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0… | vulnerability | nvd |  | 2026-04-23 |
| unknown | CVE-2026-26171 .NET Denial of Service Vulnerability | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-5958 Race Condition in GNU Sed | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-5450 scanf %mc off-by-one heap buffer overflow | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | NCSC flags widening gap between cyber threats and national resilience, urges action as AI fuels rise in disruptive attacks | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | BRIDGE:BREAK reveals 22 vulnerabilities in serial-to-IP converters enabling disruption and lateral movement across OT | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | Australia’s CISC tightens cyber reporting rules to capture AI-driven incidents in critical infrastructure | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | ServiceNow closes Armis deal to extend AI-powered cyber risk visibility across OT and IoT | advisory | vendor-blogs |  | 2026-04-22 |
| unknown | Apple fixes iOS bug that retained deleted notification data | news | general-news |  | 2026-04-22 |
| unknown | New GoGra malware for Linux uses Microsoft Graph API for comms | news | general-news |  | 2026-04-22 |
| unknown | Microsoft releases emergency patches for critical ASP.NET flaw | news | general-news |  | 2026-04-22 |
| unknown | Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack | news | general-news |  | 2026-04-22 |
| unknown | Toxic Combinations: When Cross-App Permissions Stack into Risk | news | general-news |  | 2026-04-22 |
| unknown | Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug | news | general-news |  | 2026-04-22 |
| unknown | Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape | news | general-news |  | 2026-04-22 |
| unknown | DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' | news | general-news |  | 2026-04-22 |
| unknown | After Bluesky, Mastodon Targeted in DDoS Attack | news | general-news |  | 2026-04-22 |
| unknown | Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says | news | general-news |  | 2026-04-22 |
| unknown | New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention | news | general-news |  | 2026-04-22 |
| unknown | North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks | news | general-news |  | 2026-04-22 |
| unknown | Oracle Patches 450 Vulnerabilities With April 2026 CPU | news | general-news |  | 2026-04-22 |
| unknown | MacOS Native Tools Enable Stealthy Enterprise Attacks | news | general-news |  | 2026-04-22 |
| unknown | NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks | news | general-news |  | 2026-04-22 |
| unknown | UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns | news | general-news |  | 2026-04-22 |
| unknown | North Korean hackers siphon more than $12 million from crypto users in sprawling campaign | news | general-news |  | 2026-04-22 |
| unknown | Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector | news | general-news |  | 2026-04-22 |
| unknown | French police arrest suspected hacker behind dozens of data breaches | news | general-news |  | 2026-04-22 |
| unknown | UK cyber agency handling four major incidents a week as nation-state attacks surge | news | general-news |  | 2026-04-22 |
| unknown | The AI era demands a different kind of CISO | news | general-news |  | 2026-04-22 |