OSINT Threat Intelligence Report

2026-04-22 — Generated 2026-04-22 15:00:21 UTC — 1383 items

Total Items

1188

By Source

cisa-kev: 7
cisa-advisories: 18
vendor-blogs: 81
nvd: 1129
malware-bazaar: 17
abuse-ipdb: 20
threatfox: 2
otx: 30
general-news: 94

By Category

vulnerability: 1136
advisory: 84
malware: 17
ip-reputation: 20
threat-intel: 32
news: 94

Fetch Errors

None

Top 10 Highlights

Severity Title Source CVEs Tags
critical Hardy Barth Salia EV Charge Controller cisa-advisories, vendor-blogs ics, rce
critical Delta Electronics ASDA-Soft cisa-advisories, vendor-blogs zeroday, phishing, ics
critical Anviz Multiple Products cisa-advisories, vendor-blogs ics, rce
critical CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f… nvd CVE-2026-40504
critical CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing… nvd CVE-2026-6350
critical CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi… nvd CVE-2026-3596
critical CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a… nvd CVE-2026-31843 rce
critical CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl… nvd CVE-2026-6270
critical CVE-2026-37336 — SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /… nvd CVE-2026-37336, CVE-2026-37337, CVE-2026-37338, CVE-2026-37339, CVE-2026-37340
critical CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil… nvd CVE-2026-37341, CVE-2026-37342, CVE-2026-37343, CVE-2026-37344, CVE-2026-37345

All Items

Showing 1188 items

Severity Title Category Source Indicators Tags Published
critical Hardy Barth Salia EV Charge Controller advisory cisa-advisories, vendor-blogs ics, rce 2026-04-21
critical Delta Electronics ASDA-Soft advisory cisa-advisories, vendor-blogs zeroday, phishing, ics 2026-04-16
critical Anviz Multiple Products advisory cisa-advisories, vendor-blogs ics, rce 2026-04-16
critical CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f… vulnerability nvd CVE-2026-40504 2026-04-16
critical CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing… vulnerability nvd CVE-2026-6350 2026-04-16
critical CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi… vulnerability nvd CVE-2026-3596 2026-04-16
critical CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a… vulnerability nvd CVE-2026-31843 rce 2026-04-16
critical CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl… vulnerability nvd CVE-2026-6270 2026-04-16
critical CVE-2026-37336 — SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /… vulnerability nvd CVE-2026-37336, CVE-2026-37337, CVE-2026-37338, CVE-2026-37339, CVE-2026-37340 2026-04-16
critical CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil… vulnerability nvd CVE-2026-37341, CVE-2026-37342, CVE-2026-37343, CVE-2026-37344, CVE-2026-37345 2026-04-16
critical CVE-2026-37346 — SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the… vulnerability nvd CVE-2026-37346, CVE-2026-37347 2026-04-16
critical CVE-2026-33082 — DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQ… vulnerability nvd CVE-2026-33082 2026-04-16
critical CVE-2026-33083 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con… vulnerability nvd CVE-2026-33083, CVE-2026-33084, CVE-2026-33121, CVE-2026-33122, CVE-2026-33207, CVE-2026-40899, CVE-2026-40900 2026-04-16
critical CVE-2026-40322 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid… vulnerability nvd CVE-2026-40322 2026-04-16
critical CVE-2026-34018 — An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to exe… vulnerability nvd CVE-2026-34018 2026-04-17
critical CVE-2026-6443 — All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versi… vulnerability nvd CVE-2026-6443 2026-04-17
critical CVE-2026-37749 — A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote un… vulnerability nvd CVE-2026-37749 2026-04-17
critical CVE-2026-6284 — An attacker with network access to the PLC is able to brute force discover passwords to gain unautho… vulnerability nvd CVE-2026-6284 ics 2026-04-17
critical CVE-2026-27890 — Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7… vulnerability nvd CVE-2026-27890, CVE-2026-28214, CVE-2026-28224, CVE-2026-33337, CVE-2026-34232, CVE-2026-35215, CVE-2026-40342 2026-04-17
critical CVE-2026-40525 — OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot O… vulnerability nvd CVE-2026-40525 2026-04-17
critical CVE-2026-32623 — xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vuln… vulnerability nvd CVE-2026-32623, CVE-2026-32624 rce 2026-04-17
critical CVE-2026-35546 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archi… vulnerability nvd CVE-2026-35546 2026-04-17
critical CVE-2026-23500 — Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar… vulnerability nvd CVE-2026-23500 rce 2026-04-17
critical CVE-2026-35512 — xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the… vulnerability nvd CVE-2026-35512 rce 2026-04-17
critical CVE-2026-40258 — The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.… vulnerability nvd CVE-2026-40258 2026-04-17
critical CVE-2026-40351 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login en… vulnerability nvd CVE-2026-40351 2026-04-17
critical CVE-2026-40477 — Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… vulnerability nvd CVE-2026-40477, CVE-2026-40478 2026-04-17
critical CVE-2026-40324 — Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1… vulnerability nvd CVE-2026-40324 2026-04-18
critical CVE-2026-40484 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backu… vulnerability nvd CVE-2026-40484 rce 2026-04-18
critical CVE-2026-40317 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.… vulnerability nvd CVE-2026-40317, CVE-2026-40572 2026-04-18
critical CVE-2026-40492 — SAIL is a cross-platform library for loading and saving images with support for animation, metadata,… vulnerability nvd CVE-2026-40492, CVE-2026-40493, CVE-2026-40494 2026-04-18
critical CVE-2026-32956 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vul… vulnerability nvd CVE-2026-32956, CVE-2026-32961 2026-04-20
critical CVE-2026-6643 — A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems… vulnerability nvd CVE-2026-6643 2026-04-20
critical CVE-2026-6644 — A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability al… vulnerability nvd CVE-2026-6644 rce 2026-04-20
critical CVE-2026-5963 — EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remot… vulnerability nvd CVE-2026-5963, CVE-2026-5964 2026-04-20
critical CVE-2026-33557 — A possible security vulnerability has been identified in Apache Kafka. By default, the broker proper… vulnerability nvd CVE-2026-33557 2026-04-20
critical CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file cont… vulnerability nvd CVE-2026-5760 rce 2026-04-20
critical CVE-2026-24467 — OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers… vulnerability nvd CVE-2026-24467, CVE-2026-24468 2026-04-20
critical CVE-2026-39918 — Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where th… vulnerability nvd CVE-2026-39918 rce 2026-04-20
critical CVE-2026-30269 — Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their o… vulnerability nvd CVE-2026-30269 2026-04-20
critical CVE-2026-39109 — SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management Sy… vulnerability nvd CVE-2026-39109, CVE-2026-39110, CVE-2026-39111 2026-04-20
critical CVE-2026-29649 — NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/… vulnerability nvd CVE-2026-29649 2026-04-20
critical CVE-2026-6257 — Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionalit… vulnerability nvd CVE-2026-6257 rce 2026-04-20
critical CVE-2026-29646 — In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-m… vulnerability nvd CVE-2026-29646 2026-04-20
critical CVE-2026-32604 — Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0… vulnerability nvd CVE-2026-32604 2026-04-20
critical CVE-2026-32613 — Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services… vulnerability nvd CVE-2026-32613 2026-04-20
critical CVE-2026-5450 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library ver… vulnerability nvd CVE-2026-5450 2026-04-20
critical CVE-2026-41329 — OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate pri… vulnerability nvd CVE-2026-41329 2026-04-21
critical CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l… vulnerability nvd CVE-2026-5965 2026-04-21
critical CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied… vulnerability nvd CVE-2026-41036 rce 2026-04-21
critical CVE-2026-6748 — Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef… vulnerability nvd CVE-2026-6748, CVE-2026-6751 2026-04-21
critical CVE-2026-6760 — Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150… vulnerability nvd CVE-2026-6760, CVE-2026-6768 2026-04-21
critical CVE-2026-6771 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firef… vulnerability nvd CVE-2026-6771 2026-04-21
critical CVE-2025-15638 — Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropb… vulnerability nvd CVE-2025-15638 2026-04-21
critical CVE-2026-21571 — This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0,… vulnerability nvd CVE-2026-21571 rce 2026-04-21
critical CVE-2026-40050 — CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne… vulnerability nvd CVE-2026-40050 2026-04-21
critical CVE-2026-40569 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass… vulnerability nvd CVE-2026-40569 ransomware, phishing 2026-04-21
critical CVE-2026-40576 — excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu… vulnerability nvd CVE-2026-40576 2026-04-21
critical CVE-2026-40584 — RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.… vulnerability nvd CVE-2026-40584 ransomware 2026-04-21
critical CVE-2026-5652 — An insecure direct object reference vulnerability in the Users API component of Crafty Controller al… vulnerability nvd CVE-2026-5652 2026-04-21
critical CVE-2026-41193 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's… vulnerability nvd CVE-2026-41193 2026-04-21
critical CVE-2026-40372 — Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to… vulnerability nvd CVE-2026-40372 2026-04-21
critical CVE-2026-40884 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat… vulnerability nvd CVE-2026-40884 2026-04-21
critical CVE-2026-40885 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based… vulnerability nvd CVE-2026-40885 ransomware 2026-04-21
critical CVE-2026-40887 — Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version… vulnerability nvd CVE-2026-40887 2026-04-21
critical CVE-2026-40903 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil… vulnerability nvd CVE-2026-40903 2026-04-21
critical CVE-2026-33518 — An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and… vulnerability nvd CVE-2026-33518 2026-04-21
critical CVE-2026-33519 — An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win… vulnerability nvd CVE-2026-33519 2026-04-21
critical CVE-2026-34275 — Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component… vulnerability nvd CVE-2026-34275 2026-04-21
critical CVE-2026-34279 — Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c… vulnerability nvd CVE-2026-34279 2026-04-21
critical CVE-2026-34285 — Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen… vulnerability nvd CVE-2026-34285, CVE-2026-34286, CVE-2026-34287, CVE-2026-34288, CVE-2026-34289, CVE-2026-34290, CVE-2026-34294 2026-04-21
critical CVE-2026-40906 — Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect… vulnerability nvd CVE-2026-40906 2026-04-21
critical CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web… vulnerability nvd CVE-2026-40911 2026-04-21
critical CVE-2026-40933 — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.… vulnerability nvd CVE-2026-40933 2026-04-21
critical CVE-2026-40575 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0… vulnerability nvd CVE-2026-40575, CVE-2026-41059 2026-04-22
critical CVE-2026-41064 — WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi… vulnerability nvd CVE-2026-41064 2026-04-22
critical CVE-2026-41304 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php`… vulnerability nvd CVE-2026-41304 botnet, rce 2026-04-22
critical CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t… vulnerability nvd CVE-2026-4119 2026-04-22
critical CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma… vulnerability nvd CVE-2026-6235 2026-04-22
critical CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca… vulnerability nvd CVE-2026-31460 ransomware 2026-04-22
critical CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le… vulnerability nvd CVE-2026-31461 ransomware 2026-04-22
critical CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr… vulnerability nvd CVE-2026-31488 ransomware 2026-04-22
critical CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability advisory vendor-blogs rce 2026-04-20
critical Vect formalizes BreachForums and TeamPCP alliance to push model for industrialized ransomware, scale RaaS operations advisory vendor-blogs ransomware 2026-04-21
critical payload_delivery: undefined threat-intel threatfox ClearFake, 22April2026, Commandline, Windows, DarkCloud, ViriBack, CobaltStrike, drb-ra, RAT, ValleyRAT, RedLineStealer, Agentemis, Beacon, Cobalt Strike, cobeacon, Kongtuke, c2, RapidStealer, StrelaStealer, ClickFix, compromised, etherhiding, Polygon, Vidar, WordPress, remcos, Gafgyt, ConnectBack, glassworm, Wave3, wallet-trojan, calendar-c2, infostealer stealer, opiusra, EnmityStealer, 1xxbot, ArechClient, SectopRAT, Stealc, CinaRAT, Quasar RAT, QuasarRAT, Yggdrasil, BotManager, Mirai, MaskGramStealer, 21April2026, conhost-headless, finger-tcp79, fingerfix, win.fingerfix, finger-delivery, AS15169, hak5, AS14618, AS14061, AS9123, SocGholish, cs-watermark-987654321, cs-watermark-100000, Fake Zoom, ScreenConnect, VBScript, Fake Microsoft Teams, Fake Adobe, SSA, ErrTraffic, Lumma, r88vry, XWorm, GDrive, grpc, msi, NodeJS, TOR, darkcomet, NanoCore, dcrat, Steal, RemcosRAT, ExtRat, Xtreme RAT, AS24940, CHAOS, Hetzner Online GmbH, kimwolf, Discord, cs-watermark-666666, macOS, stealer, FrostStealer, etherhide, polygon-contract-stored-c2, 20April2026, Fake-Claude, Nancrat, NanoCore RAT, PureHVNC, PureRAT, AS202412, jarm-cluster, Omegatech, cluster25, sliver, clickfix-cluster, phishing, AS8075, Microsoft Corporation, Supershell, Mozi, EXT, Fake Claude, ACRStealer, OffLoader, AISURU, exe, DGA, valleyrat_s2, REMPROXY, CrystalX, DeepLoad, AS205775, NEON CORE NETWORK LLC, Bot Manager, pw-ryos, DDNS, Fake Adobe Reader, Fake DocuSign, payload, Fake Google Meet, cs-watermark-305419896, cs-watermark-666666666, cs-watermark-391144938, DarkCrystal RAT, 18April2026, AS216084, itystealer, Kerem Uluboy, Access2.IT Network, AS208258, zabbix, AS64439, borz, RocketCloud.ru, honeypot, WebDav, botnet, controller, ssh, Amnesia Panel, Web Panel, NetSupport, asyncrat, garble, go, midie, sideload-asus, AS56971, AS56971 Cloud, UNAM, Amos, asar, atomic, wallet-injection, applescript, keystone-persistence, Loader, Vjw0rm, PhantomGate, 
SantaStealer, rmm, simplehelp, deerstealer, njrat, a10fsw, SHubStealer, Farfli, APT, kimsuky, DPRK, Lazarus, ESP, geo, GCleaner, SilentNet, 17April2026, KermitRAT, Breut, Fynloski, klovbot, Remvio, Socmer, tofsee, IClickFix, NetSupport RAT, ZigClipper, domain, Lumma Stealer, Mirax, 16April2026, infostealer, AS328543, Sun Network Company Limited, RedTigerStealer, WeedHack, Havoc, d0b0p, Loki, Lorikazz, AS932, XNNET LLC, SmartApeSG, AgingFly, UKR, odiznrio, Patchwork, cs-watermark-1234567890, quasar, dropped-by-vidar, exfil, FlagStealer, SmartLoader, 15April2026, Metateam1337x-afk, apt 2026-04-22
critical Using KATA and KEDR to detect the AdaptixC2 agent threat-intel otx f212fd00d9ffc0f3… mgbot, lateral movement, network detection, post-exploitation framework, coolclient, command-and-control, toneshell, vbcloud, cloudatlas, process injection, edr, powershower, credential harvesting, adaptixc2, vbshower, ransomware, apt, phishing, botnet 2026-04-17
critical Uptick in Bomgar RMM Exploitation threat-intel otx CVE-2026-1731, CVE-2024-3400, CVE-2023-33538, CVE-2025-59287, CVE-2025-21042, CVE-2025-55182, CVE-2025-66478, CVE-2025-14847, CVE-2026-1281, CVE-2026-1340, CVE-2025-0921, CVE-2025-23304, CVE-2026-22584 | bc9635dcc3444c18…, e7efe76a253a37e0… lockbit, simplehelp, remote access tools, ransomware, byovd, screenconnect, atera, bomgar, rmm exploitation, anydesk, cve-2026-1731, poisonkiller, msp targeting, cve-2023-33538, tp-link routers, iot exploitation, firmware analysis, condi botnet, command injection, wifi routers, mirai, condi, mirai botnet, maritime, nuso, lamporat, ai-enhanced malware, trusted relationship compromise, energy, iranian, cyberespionage, udpgangster, critical infrastructure, blackbeard, phoenix, ghostbackdoor, social engineering, phishing, botnet, rce 2026-04-17
critical Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks news general-news zeroday 2026-04-22
critical Former ransomware negotiator pleads guilty to BlackCat attacks news general-news ransomware 2026-04-21
critical Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles news general-news apt, botnet 2026-04-22
critical SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation news general-news ransomware, botnet 2026-04-21
critical Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 news general-news ransomware 2026-04-21
critical No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks news general-news zeroday, supply-chain 2026-04-21
critical SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files news general-news rce 2026-04-20
critical Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain news general-news rce, supply-chain 2026-04-20
critical Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched news general-news zeroday 2026-04-17
critical Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul news general-news ransomware 2026-04-17
critical ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories news general-news zeroday, rce, supply-chain 2026-04-16
critical Ransomware Negotiator Pleads Guilty to BlackCat Scheme news general-news ransomware 2026-04-21
critical Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk news general-news ransomware, rce, supply-chain 2026-04-21
critical Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool news general-news rce 2026-04-21
critical Chinese APT Targets Indian Banks, Korean Policy Circles news general-news apt 2026-04-21
critical 6-Year Ransomware Campaign Targets Turkish Homes & SMBs news general-news ransomware 2026-04-16
critical Google Antigravity in Crosshairs of Security Researchers, Cybercriminals news general-news rce 2026-04-22
critical Third US Security Expert Admits Helping Ransomware Gang news general-news ransomware 2026-04-21
critical Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang news general-news ransomware 2026-04-22
critical The Gentlemen Ransomware Expands With Rapid Affiliate Growth news general-news ransomware 2026-04-21
critical Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack news general-news ransomware 2026-04-16
critical Automotive Ransomware Attacks Double in a Year news general-news ransomware 2026-04-16
critical Former DigitalMint ransomware negotiator pleads guilty to extortion scheme news general-news ransomware 2026-04-21
critical Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks news general-news ransomware 2026-04-21
critical Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution news general-news rce 2026-04-20
high CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability vulnerability cisa-kev CVE-2026-20122 2026-04-20
high CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability vulnerability cisa-kev CVE-2026-20133 2026-04-20
high CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability vulnerability cisa-kev CVE-2025-2749 2026-04-20
high CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability vulnerability cisa-kev CVE-2025-48700 2026-04-20
high CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability vulnerability cisa-kev CVE-2026-20128 2026-04-20
high CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability vulnerability cisa-kev CVE-2025-32975 2026-04-20
high Silex Technology SD-330AC and AMC Manager advisory cisa-advisories, vendor-blogs phishing, ics, transport 2026-04-21
high Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Siemens TPM 2.0 advisory cisa-advisories, vendor-blogs botnet, ics 2026-04-21
high SenseLive X3050 advisory cisa-advisories, vendor-blogs phishing, ics 2026-04-21
high Siemens Analytics Toolkit advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Siemens SCALANCE advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Siemens SINEC NMS advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Zero Motorcycles Firmware advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Siemens Industrial Edge Management advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) advisory cisa-advisories, vendor-blogs ics 2026-04-21
high Supply Chain Compromise Impacts Axios Node Package Manager advisory cisa-advisories phishing, botnet, supply-chain 2026-04-20
high AVEVA Pipeline Simulation advisory cisa-advisories, vendor-blogs ics 2026-04-16
high Horner Automation Cscape and XL4, XL7 PLC advisory cisa-advisories, vendor-blogs ics 2026-04-16
high CVE-2026-41015 — radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name… vulnerability nvd CVE-2026-41015 2026-04-16
high CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing… vulnerability nvd CVE-2026-6348 2026-04-16
high CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat… vulnerability nvd CVE-2026-6351 2026-04-16
high CVE-2026-22619 — Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w… vulnerability nvd CVE-2026-22619 2026-04-16
high CVE-2026-3599 — The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' p… vulnerability nvd CVE-2026-3599 2026-04-16
high CVE-2026-3614 — The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.… vulnerability nvd CVE-2026-3614 2026-04-16
high CVE-2026-5050 — The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Ver… vulnerability nvd CVE-2026-5050 2026-04-16
high CVE-2026-1620 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all… vulnerability nvd CVE-2026-1620 2026-04-16
high CVE-2026-3876 — The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_e… vulnerability nvd CVE-2026-3876 2026-04-16
high CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,… vulnerability nvd CVE-2026-41035 2026-04-16
high CVE-2025-14868 — The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path… vulnerability nvd CVE-2025-14868 2026-04-16
high CVE-2026-23772 — Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper… vulnerability nvd CVE-2026-23772 ransomware 2026-04-16
high CVE-2026-3489 — The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable… vulnerability nvd CVE-2026-3489 2026-04-16
high CVE-2026-31987 — JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. User… vulnerability nvd CVE-2026-31987 2026-04-16
high CVE-2026-5785 — Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions fro… vulnerability nvd CVE-2026-5785 2026-04-16
high CVE-2026-30459 — An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated att… vulnerability nvd CVE-2026-30459 2026-04-16
high CVE-2026-30656 — A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job… vulnerability nvd CVE-2026-30656 2026-04-16
high CVE-2026-33804 — @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated F… vulnerability nvd CVE-2026-33804 2026-04-16
high CVE-2026-3324 — Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on… vulnerability nvd CVE-2026-3324 2026-04-16
high CVE-2026-5426 — Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to F… vulnerability nvd CVE-2026-5426 rce 2026-04-16
high CVE-2026-41082 — In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach… vulnerability nvd CVE-2026-41082 2026-04-16
high CVE-2026-6442 — Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed s… vulnerability nvd CVE-2026-6442 2026-04-16
high CVE-2026-40901 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi… vulnerability nvd CVE-2026-40901 rce 2026-04-16
high CVE-2026-40170 — ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par… vulnerability nvd CVE-2026-40170 2026-04-16
high CVE-2026-40246 — free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the… vulnerability nvd CVE-2026-40246 2026-04-16
high CVE-2026-40247 — free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the… vulnerability nvd CVE-2026-40247, CVE-2026-40248, CVE-2026-40249 2026-04-16
high CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts… vulnerability nvd CVE-2026-41113 rce 2026-04-16
high CVE-2026-40259 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api… vulnerability nvd CVE-2026-40259 2026-04-16
high CVE-2026-40318 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api… vulnerability nvd CVE-2026-40318 2026-04-16
high CVE-2026-22734 — Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user a… vulnerability nvd CVE-2026-22734 2026-04-17
high CVE-2026-40262 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset deliver… vulnerability nvd CVE-2026-40262 2026-04-17
high CVE-2026-5231 — The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_sou… vulnerability nvd CVE-2026-5231 2026-04-17
high CVE-2026-3605 — An authenticated user with access to a kvv2 path through a policy containing a glob may be able to d… vulnerability nvd CVE-2026-3605 2026-04-17
high CVE-2026-4525 — If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorizati… vulnerability nvd CVE-2026-4525 2026-04-17
high CVE-2026-5807 — Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedl… vulnerability nvd CVE-2026-5807 2026-04-17
high CVE-2026-6421 — A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown… vulnerability nvd CVE-2026-6421 2026-04-17
high CVE-2026-4659 — The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via t… vulnerability nvd CVE-2026-4659 2026-04-17
high CVE-2026-23853 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions… vulnerability nvd CVE-2026-23853, CVE-2026-23778, CVE-2026-23776, CVE-2026-23779, CVE-2025-46605, CVE-2025-46606, CVE-2025-46607, CVE-2025-46641, CVE-2026-23777, CVE-2026-28263, CVE-2026-23774 2026-04-17
high CVE-2026-33392 — In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass vulnerability nvd CVE-2026-33392 rce 2026-04-17
high CVE-2025-36568 — Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LT… vulnerability nvd CVE-2025-36568 2026-04-17
high CVE-2026-23775 — Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Releas… vulnerability nvd CVE-2026-23775 2026-04-17
high CVE-2026-6483 — A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function st… vulnerability nvd CVE-2026-6483 2026-04-17
high CVE-2026-6507 — A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by… vulnerability nvd CVE-2026-6507 2026-04-17
high CVE-2026-31317 — Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attack… vulnerability nvd CVE-2026-31317 2026-04-17
high CVE-2026-40459 — PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inje… vulnerability nvd CVE-2026-40459 2026-04-17
high CVE-2026-6490 — A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impa… vulnerability nvd CVE-2026-6490 2026-04-17
high CVE-2026-21733 — Software installed and run as a non-privileged user may conduct improper GPU system calls to gain wr… vulnerability nvd CVE-2026-21733 2026-04-17
high CVE-2026-3464 — The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to i… vulnerability nvd CVE-2026-3464 rce 2026-04-17
high CVE-2026-40515 — OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers t… vulnerability nvd CVE-2026-40515 2026-04-17
high CVE-2026-40516 — OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fe… vulnerability nvd CVE-2026-40516 2026-04-17
high CVE-2026-40518 — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab… vulnerability nvd CVE-2026-40518 2026-04-17
high CVE-2025-65104 — Firebird is an open-source relational database management system. In versions FB3 of the client libr… vulnerability nvd CVE-2025-65104 2026-04-17
high CVE-2026-5710 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path… vulnerability nvd CVE-2026-5710 2026-04-17
high CVE-2026-5718 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbi… vulnerability nvd CVE-2026-5718 rce 2026-04-17
high CVE-2026-28212 — Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4,… vulnerability nvd CVE-2026-28212 2026-04-17
high CVE-2026-32107 — xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did n… vulnerability nvd CVE-2026-32107 2026-04-17
high CVE-2026-32324 — Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, e… vulnerability nvd CVE-2026-32324 2026-04-17
high CVE-2026-32650 — Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable enc… vulnerability nvd CVE-2026-32650 2026-04-17
high CVE-2026-35682 — Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that ena… vulnerability nvd CVE-2026-35682 2026-04-17
high CVE-2026-40066 — Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device… vulnerability nvd CVE-2026-40066 2026-04-17
high CVE-2026-40283 — WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site… vulnerability nvd CVE-2026-40283, CVE-2026-40282, CVE-2026-40284, CVE-2026-40286 2026-04-17
high CVE-2026-40434 — Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet… vulnerability nvd CVE-2026-40434 2026-04-17
high CVE-2026-40461 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e… vulnerability nvd CVE-2026-40461 2026-04-17
high CVE-2026-40196 — HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerabilit… vulnerability nvd CVE-2026-40196 2026-04-17
high CVE-2026-40285 — WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection… vulnerability nvd CVE-2026-40285 2026-04-17
high CVE-2026-40303 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, end… vulnerability nvd CVE-2026-40303 2026-04-17
high CVE-2026-40527 — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command… vulnerability nvd CVE-2026-40527 2026-04-17
high CVE-2026-40305 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… vulnerability nvd CVE-2026-40305, CVE-2026-40306, CVE-2026-40321 2026-04-17
high CVE-2026-40352 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoin… vulnerability nvd CVE-2026-40352 2026-04-17
high CVE-2026-40474 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpd… vulnerability nvd CVE-2026-40474 2026-04-17
high CVE-2026-2262 — The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve… vulnerability nvd CVE-2026-2262 2026-04-18
high CVE-2026-40348 — Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1,… vulnerability nvd CVE-2026-40348, CVE-2026-40349, CVE-2026-40350 2026-04-18
high CVE-2026-40581 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record… vulnerability nvd CVE-2026-40581 2026-04-18
high CVE-2026-35465 — SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle s… vulnerability nvd CVE-2026-35465 2026-04-18
high CVE-2026-35582 — Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getComm… vulnerability nvd CVE-2026-35582 2026-04-18
high CVE-2026-40487 — Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypa… vulnerability nvd CVE-2026-40487 2026-04-18
high CVE-2026-6518 — The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbi… vulnerability nvd CVE-2026-6518 rce 2026-04-18
high CVE-2026-25917 — Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… vulnerability nvd CVE-2026-25917 2026-04-18
high CVE-2026-30898 — An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… vulnerability nvd CVE-2026-30898 2026-04-18
high CVE-2026-30912 — In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… vulnerability nvd CVE-2026-30912 2026-04-18
high CVE-2026-32228 — UI / API User with asset materialize permission could trigger dags they had no access to. Users are… vulnerability nvd CVE-2026-32228 2026-04-18
high CVE-2026-6560 — A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects… vulnerability nvd CVE-2026-6560 2026-04-19
high CVE-2026-6562 — A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of… vulnerability nvd CVE-2026-6562 2026-04-19
high CVE-2026-6563 — A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function S… vulnerability nvd CVE-2026-6563 2026-04-19
high CVE-2026-6568 — A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.c… vulnerability nvd CVE-2026-6568 2026-04-19
high CVE-2026-6569 — A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet… vulnerability nvd CVE-2026-6569 2026-04-19
high CVE-2026-6574 — A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown pr… vulnerability nvd CVE-2026-6574 2026-04-19
high CVE-2026-6577 — A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an… vulnerability nvd CVE-2026-6577 2026-04-19
high CVE-2026-6580 — A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an… vulnerability nvd CVE-2026-6580 2026-04-19
high CVE-2026-6581 — A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the fu… vulnerability nvd CVE-2026-6581 2026-04-19
high CVE-2026-6582 — A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the fun… vulnerability nvd CVE-2026-6582 2026-04-19
high CVE-2026-6594 — A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing… vulnerability nvd CVE-2026-6594 2026-04-20
high CVE-2026-6595 — A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f8… vulnerability nvd CVE-2026-6595 2026-04-20
high CVE-2026-6596 — A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the func… vulnerability nvd CVE-2026-6596 2026-04-20
high CVE-2026-32955 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vu… vulnerability nvd CVE-2026-32955 2026-04-20
high CVE-2026-32965 — Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manag… vulnerability nvd CVE-2026-32965 2026-04-20
high CVE-2026-6602 — A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad… vulnerability nvd CVE-2026-6602 2026-04-20
high CVE-2026-6603 — A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability… vulnerability nvd CVE-2026-6603 2026-04-20
high CVE-2026-6604 — A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the… vulnerability nvd CVE-2026-6604 2026-04-20
high CVE-2026-6605 — A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function… vulnerability nvd CVE-2026-6605 2026-04-20
high CVE-2026-6606 — A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the… vulnerability nvd CVE-2026-6606 2026-04-20
high CVE-2026-5966 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authen… vulnerability nvd CVE-2026-5966 ransomware 2026-04-20
high CVE-2026-6615 — A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue i… vulnerability nvd CVE-2026-6615 2026-04-20
high CVE-2026-5967 — ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authentic… vulnerability nvd CVE-2026-5967 ransomware 2026-04-20
high CVE-2026-6621 — A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknow… vulnerability nvd CVE-2026-6621 2026-04-20
high CVE-2026-6625 — A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulne… vulnerability nvd CVE-2026-6625 2026-04-20
high CVE-2026-6629 — A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the… vulnerability nvd CVE-2026-6629 2026-04-20
high CVE-2026-6630 — A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstD… vulnerability nvd CVE-2026-6630 2026-04-20
high CVE-2026-6631 — A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExc… vulnerability nvd CVE-2026-6631 2026-04-20
high CVE-2026-6632 — A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the functio… vulnerability nvd CVE-2026-6632 2026-04-20
high CVE-2026-6635 — A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the fun… vulnerability nvd CVE-2026-6635 2026-04-20
high CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an a… vulnerability nvd CVE-2026-3517, CVE-2026-3518, CVE-2026-3519 rce 2026-04-20
high CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an au… vulnerability nvd CVE-2026-4048 rce 2026-04-20
high CVE-2026-25058 — Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0… vulnerability nvd CVE-2026-25058, CVE-2026-25883 2026-04-20
high CVE-2026-26944 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through… vulnerability nvd CVE-2026-26944, CVE-2026-24504, CVE-2026-24506, CVE-2026-26943, CVE-2026-26951 2026-04-20
high CVE-2026-34427 — Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save… vulnerability nvd CVE-2026-34427 rce 2026-04-20
high CVE-2026-34428 — Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy actio… vulnerability nvd CVE-2026-34428 2026-04-20
high CVE-2026-6066 — ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in th… vulnerability nvd CVE-2026-6066 2026-04-20
high CVE-2026-24505 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera… vulnerability nvd CVE-2026-24505 2026-04-20
high CVE-2026-25524 — Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative t… vulnerability nvd CVE-2026-25524, CVE-2026-25525, CVE-2026-40098, CVE-2026-40488 2026-04-20
high CVE-2026-30266 — Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attack… vulnerability nvd CVE-2026-30266 2026-04-20
high CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc()… vulnerability nvd CVE-2026-41445 2026-04-20
high CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function… vulnerability nvd CVE-2026-6662 2026-04-20
high CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and… vulnerability nvd CVE-2026-6248 rce 2026-04-20
high CVE-2026-29645 — NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its… vulnerability nvd CVE-2026-29645 2026-04-20
high CVE-2026-5478 — The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all vers… vulnerability nvd CVE-2026-5478 2026-04-20
high CVE-2026-6249 — Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allo… vulnerability nvd CVE-2026-6249 rce 2026-04-20
high CVE-2026-29642 — A local attacker who can execute privileged CSR operations (or can induce firmware to do so) perform… vulnerability nvd CVE-2026-29642 2026-04-20
high CVE-2026-29648 — In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restr… vulnerability nvd CVE-2026-29648 2026-04-20
high CVE-2026-33626 — LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior… vulnerability nvd CVE-2026-33626 2026-04-20
high CVE-2026-5928 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h… vulnerability nvd CVE-2026-5928 2026-04-20
high CVE-2026-29643 — XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21… vulnerability nvd CVE-2026-29643, CVE-2026-29644 botnet 2026-04-20
high CVE-2026-35570 — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers… vulnerability nvd CVE-2026-35570 2026-04-21
high CVE-2026-41294 — OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir con… vulnerability nvd CVE-2026-41294 2026-04-21
high CVE-2026-41295 — OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted worksp… vulnerability nvd CVE-2026-41295 2026-04-21
high CVE-2026-41296 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesyst… vulnerability nvd CVE-2026-41296 2026-04-21
high CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace pl… vulnerability nvd CVE-2026-41297, CVE-2026-41302 2026-04-21
high CVE-2026-41299 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway me… vulnerability nvd CVE-2026-41299 2026-04-21
high CVE-2026-41303 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval co… vulnerability nvd CVE-2026-41303 2026-04-21
high CVE-2026-39320 — Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25… vulnerability nvd CVE-2026-39320 2026-04-21
high CVE-2026-39386 — Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 throug… vulnerability nvd CVE-2026-39386 2026-04-21
high CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra… vulnerability nvd CVE-2026-39973 rce 2026-04-21
high CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's… vulnerability nvd CVE-2026-40497, CVE-2026-40565 2026-04-21
high CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may… vulnerability nvd CVE-2026-31368 2026-04-21
high CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows… vulnerability nvd CVE-2026-39467 2026-04-21
high CVE-2026-40520 — FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat… vulnerability nvd CVE-2026-40520 2026-04-21
high CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef… vulnerability nvd CVE-2026-6746 2026-04-21
high CVE-2026-6747 — Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140… vulnerability nvd CVE-2026-6747 2026-04-21
high CVE-2026-6749 — Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnera… vulnerability nvd CVE-2026-6749 2026-04-21
high CVE-2026-6750 — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1… vulnerability nvd CVE-2026-6750 2026-04-21
high CVE-2026-6752 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150,… vulnerability nvd CVE-2026-6752, CVE-2026-6753 2026-04-21
high CVE-2026-6754 — Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire… vulnerability nvd CVE-2026-6754 2026-04-21
high CVE-2026-6758 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150… vulnerability nvd CVE-2026-6758 2026-04-21
high CVE-2026-6759 — Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox… vulnerability nvd CVE-2026-6759 2026-04-21
high CVE-2026-6761 — Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firef… vulnerability nvd CVE-2026-6761 2026-04-21
high CVE-2026-6766 — Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir… vulnerability nvd CVE-2026-6766, CVE-2026-6772 2026-04-21
high CVE-2026-6769 — Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox… vulnerability nvd CVE-2026-6769 2026-04-21
high CVE-2026-6773 — Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was… vulnerability nvd CVE-2026-6773 2026-04-21
high CVE-2026-6776 — Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F… vulnerability nvd CVE-2026-6776 2026-04-21
high CVE-2026-6780 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15… vulnerability nvd CVE-2026-6780, CVE-2026-6781 ransomware 2026-04-21
high CVE-2026-6782 — Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 a… vulnerability nvd CVE-2026-6782 2026-04-21
high CVE-2026-6784 — Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of… vulnerability nvd CVE-2026-6784 2026-04-21
high CVE-2025-14362 — The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if th… vulnerability nvd CVE-2025-14362, CVE-2026-0972 2026-04-21
high CVE-2026-31018 — In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Websit… vulnerability nvd CVE-2026-31018 2026-04-21
high CVE-2026-31019 — In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based f… vulnerability nvd CVE-2026-31019 rce 2026-04-21
high CVE-2026-37748 — Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm… vulnerability nvd CVE-2026-37748 rce 2026-04-21
high CVE-2026-24177 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a… vulnerability nvd CVE-2026-24177 2026-04-21
high CVE-2026-24189 — NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause… vulnerability nvd CVE-2026-24189 2026-04-21
high CVE-2026-38834 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac… vulnerability nvd CVE-2026-38834 2026-04-21
high CVE-2026-40161 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.… vulnerability nvd CVE-2026-40161, CVE-2026-40938 2026-04-21
high CVE-2026-40568 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store… vulnerability nvd CVE-2026-40568 phishing 2026-04-21
high CVE-2026-40585 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini… vulnerability nvd CVE-2026-40585 2026-04-21
high CVE-2026-40586 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo… vulnerability nvd CVE-2026-40586 2026-04-21
high CVE-2026-40589 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil… vulnerability nvd CVE-2026-40589 2026-04-21
high CVE-2026-40591 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co… vulnerability nvd CVE-2026-40591 2026-04-21
high CVE-2026-41189 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr… vulnerability nvd CVE-2026-41189 2026-04-21
high CVE-2026-41190 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH… vulnerability nvd CVE-2026-41190 2026-04-21
high CVE-2026-41191 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo… vulnerability nvd CVE-2026-41191 2026-04-21
high CVE-2026-40588 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at… vulnerability nvd CVE-2026-40588 2026-04-21
high CVE-2026-40611 — Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha… vulnerability nvd CVE-2026-40611 2026-04-21
high CVE-2026-41192 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an… vulnerability nvd CVE-2026-41192 ransomware 2026-04-21
high CVE-2026-40613 — Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN… vulnerability nvd CVE-2026-40613 2026-04-21
high CVE-2026-40868 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky… vulnerability nvd CVE-2026-40868 2026-04-21
high CVE-2026-40869 — Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3… vulnerability nvd CVE-2026-40869 2026-04-21
high CVE-2026-40870 — Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30… vulnerability nvd CVE-2026-40870 2026-04-21
high CVE-2026-40871 — mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-… vulnerability nvd CVE-2026-40871 2026-04-21
high CVE-2026-40879 — Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a… vulnerability nvd CVE-2026-40879 2026-04-21
high CVE-2026-40890 — The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering… vulnerability nvd CVE-2026-40890 2026-04-21
high CVE-2026-40909 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (… vulnerability nvd CVE-2026-40909 botnet, rce 2026-04-21
high CVE-2026-6819 — HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i… vulnerability nvd CVE-2026-6819 2026-04-21
high CVE-2026-21997 — Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application… vulnerability nvd CVE-2026-21997 2026-04-21
high CVE-2026-22007 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ… vulnerability nvd CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268, CVE-2026-34282 2026-04-21
high CVE-2026-22010 — Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora… vulnerability nvd CVE-2026-22010, CVE-2026-34310, CVE-2026-34313, CVE-2026-34314, CVE-2026-34321, CVE-2026-34325 2026-04-21
high CVE-2026-22011 — Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)… vulnerability nvd CVE-2026-22011 2026-04-21
high CVE-2026-34291 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Suppo… vulnerability nvd CVE-2026-34291 2026-04-21
high CVE-2026-34292 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S… vulnerability nvd CVE-2026-34292 2026-04-21
high CVE-2026-34297 — Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K… vulnerability nvd CVE-2026-34297 2026-04-21
high CVE-2026-34305 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv… vulnerability nvd CVE-2026-34305, CVE-2026-34315 2026-04-21
high CVE-2026-34309 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu… vulnerability nvd CVE-2026-34309 2026-04-21
high CVE-2026-34320 — Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic… vulnerability nvd CVE-2026-34320 2026-04-21
high CVE-2026-35229 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect… vulnerability nvd CVE-2026-35229 2026-04-21
high CVE-2026-35230 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su… vulnerability nvd CVE-2026-35230, CVE-2026-35242, CVE-2026-35245, CVE-2026-35246, CVE-2026-35247, CVE-2026-35248, CVE-2026-35249, CVE-2026-35250, CVE-2026-35251 2026-04-21
high CVE-2026-35231 — Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser… vulnerability nvd CVE-2026-35231 2026-04-21
high CVE-2026-35243 — Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew… vulnerability nvd CVE-2026-35243 2026-04-21
high CVE-2026-40905 — LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin… vulnerability nvd CVE-2026-40905 2026-04-21
high CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda… vulnerability nvd CVE-2026-40925 2026-04-21
high CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil… vulnerability nvd CVE-2026-6823 2026-04-21
high CVE-2026-40706 — In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix… vulnerability nvd CVE-2026-40706 2026-04-21
high CVE-2026-40931 — Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo… vulnerability nvd CVE-2026-40931 2026-04-21
high CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t… vulnerability nvd CVE-2026-6832 2026-04-21
high CVE-2026-40926 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp… vulnerability nvd CVE-2026-40926 2026-04-21
high CVE-2026-41055 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in… vulnerability nvd CVE-2026-41055 2026-04-21
high CVE-2026-41056 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll… vulnerability nvd CVE-2026-41056 2026-04-21
high CVE-2026-41057 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation… vulnerability nvd CVE-2026-41057 botnet 2026-04-21
high CVE-2026-41058 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi… vulnerability nvd CVE-2026-41058 botnet 2026-04-21
high CVE-2026-41060 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func… vulnerability nvd CVE-2026-41060 2026-04-21
high CVE-2026-41133 — pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.… vulnerability nvd CVE-2026-41133 2026-04-22
high CVE-2026-41135 — free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th gene… vulnerability nvd CVE-2026-41135 2026-04-22
high CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P… vulnerability nvd CVE-2026-22753 2026-04-22
high CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/se… vulnerability nvd CVE-2026-22754 2026-04-22
high CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou… vulnerability nvd CVE-2026-6022 2026-04-22
high CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is… vulnerability nvd CVE-2026-6023 rce 2026-04-22
high CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading… vulnerability nvd CVE-2026-4132 rce 2026-04-22
high CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall… vulnerability nvd CVE-2026-6846 2026-04-22
high CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th… vulnerability nvd CVE-2026-6855 2026-04-22
high CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot… vulnerability nvd CVE-2026-6857 2026-04-22
high CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi… vulnerability nvd CVE-2026-31450 botnet 2026-04-22
high CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co… vulnerability nvd CVE-2026-31456 botnet 2026-04-22
high CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem… vulnerability nvd CVE-2026-31479 botnet 2026-04-22
high CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d… vulnerability nvd CVE-2026-31510 botnet 2026-04-22
high CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query. vulnerability nvd CVE-2026-33593 2026-04-22
high CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac… vulnerability nvd CVE-2026-33608 2026-04-22
high CVE-2026-41651 — PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way us… vulnerability nvd CVE-2026-41651 2026-04-22
high CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when… vulnerability nvd CVE-2026-6859 2026-04-22
high PowMix botnet targets Czech workforce advisory vendor-blogs botnet 2026-04-16
high Darktrace identifies ZionSiphon malware engineered for OT disruption in Israeli water sector environments advisory vendor-blogs ics 2026-04-21
high CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan advisory vendor-blogs supply-chain 2026-04-21
high HSCC warns AI-driven supply chains are outpacing healthcare cybersecurity defenses and oversight models advisory vendor-blogs supply-chain 2026-04-20
high 967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c malware malware-bazaar 967486f372064f8e…, 177cb7e200e19e8a… 83-142-209-204, exe 2026-04-22
high 3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d.ps1 malware malware-bazaar 3e65e72b82055d68…, 51d9788d36bd5197… 83-142-209-204, ps1 2026-04-22
high 286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885.ps1 malware malware-bazaar 286640beb0eae835…, 83c0c504b4d2ca6d… 83-142-209-204, ps1, botnet 2026-04-22
high 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747.zip malware malware-bazaar 1feea0fb9e74f08c…, d22d0f4b9e9f1c86… 83-142-209-204, stego, zip, botnet 2026-04-22
high update.ps1 malware malware-bazaar b95f31100a5e8a33…, 4ea1d81fa5a11e17… 107-173-143-107, ps1 2026-04-22
high archive0331.zip malware malware-bazaar 44671d56654521eb…, 1d23a84bbde85808… lauderdale-dollar-mar-forgot-trycloudflare-com, zip 2026-04-22
high Order List.js malware malware-bazaar 8c4758e6736950e0…, 3adeb1a915fa0151… 107-173-143-107, js 2026-04-22
high 69f215a8744582fdd7f1643be8fd8587cd6edb18834de.exe malware malware-bazaar 69f215a8744582fd…, 73d0fe59ff15619d… exe, RAT, ValleyRAT 2026-04-22
high 1aa21baefecada61d25cf01cd1eb681b.exe malware malware-bazaar f64ccc637b29a400…, 1aa21baefecada61… exe, RedLineStealer, infostealer 2026-04-22
high 最新版收菜软件【内部版】.exe malware malware-bazaar 26d67030c87fe261…, 9c256ee0d49b6d3d… exe, XRed, XRedRAT 2026-04-22
high 商家版.exe malware malware-bazaar 16f75af75110e7a9…, cb2d702aeb37410e… exe, XRed, XRedRAT 2026-04-22
high inst.880233900b.exe malware malware-bazaar 6326aadda1ea3106…, f5836b923aa05cfc… exe, SilverFox, Trojan/SilverFox.bm[lddel], ValleyRAT 2026-04-22
high Chormex33.exe malware malware-bazaar 2cae0bd8e9fc6d05…, 35956895c3e0e955… exe, SilverFox, ValleyRAT 2026-04-22
high ps.ps1 malware malware-bazaar 5c11f39ef919cbe0…, cc60ac8abcd3a80e… booking, lkgkdsjd-com, ps1, pulse-srvc-com 2026-04-22
high 21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935.html malware malware-bazaar 21c07c68a32d37b4…, 338bbb92eac94516… booking, html, lkgkdsjd-com, pulse-srvc-com 2026-04-22
high addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98.dll malware malware-bazaar addae6c82dd407f5…, 5b6ec12d8988d81a… exe, invalid-signature 2026-04-22
high buffer.zip malware malware-bazaar 6b829c2e656f8129…, 3e02a9db64f30f77… booking, HijackLoader, lkgkdsjd-com, pulse-srvc-com, shadowladder, zip 2026-04-22
high Same packet, different magic: Hits India's banking sector and Korea geopolitics threat-intel otx 172.81.60.97 | cc0ff7e25ea68617…, 5abac6560eeb77f7… espionage, chm files, backdoor, south korea diplomacy, lotuslite, dll sideloading, india banking, javascript loader, botnet 2026-04-22
high Mach-O Man Malware: What CISOs Need to Know threat-intel otx 172.86.113.102 | a73ce18952b40fd6… mach-o man, browser stealing, pylangghostrat, social engineering, macos, mach-o binaries, telegram exfiltration, credential theft, clickfix, fintech targeting, apt, phishing 2026-04-22
high Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories threat-intel otx 166.88.4.2, 85.239.62.36, 23.27.20.143, 23.27.202.27, 23.27.120.142, 154.91.0.196, 198.105.127.210, 83.168.68.219 | 834a92277f1bd82d…, a12957e7627cb19f… dev#popper rat, omnistealer, git history tampering, vs code exploitation, worm propagation, supply chain attack, fake job interview, blockchain infrastructure, invisibleferret, repository poisoning, north korea, developer targeting, beavertail, ottercookie, supply-chain 2026-04-21
high The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy threat-intel otx fe1033335a045c69…, c9d004384de06bbc… cobalt-strike, domain-compromise, the gentlemen, psexec, systembc, esxi-encryption, lateral-movement, cobalt strike, anydesk, ransomware-as-a-service, mimikatz, group-policy-deployment, ransomware, botnet 2026-04-20
high Iranian APT Seedworm Targets Global Organizations via Microsoft Teams threat-intel otx ddf75e118db8a561…, f8560b9a893eeb21… muddywater infrastructure, in-memory execution, seedworm, microsoft teams, dindoor, social engineering, dindoor backdoor, iran apt, deno runtime, dinodance, apt, phishing, botnet 2026-04-17
high Takes Aim at the Ransomware Throne threat-intel otx d68ce82e82801cd4… aes encryption, blackbasta affiliates, edr evasion, blackbasta, spam bombing, direct system calls, payouts king, quick assist, microsoft teams, cactus, rsa encryption, ransomware, phishing 2026-04-17
high Dissecting macOS intrusion from lure to compromise threat-intel otx 83.136.209.22, 188.227.196.252, 104.145.210.107, 83.136.208.246, 83.136.208.48, 83.136.210.180 | a05400000843fbad… social engineering, north korea, systemupdate.app, tcc bypass, com.google.chromes.updaters, applescript, services, softwareupdate.app, cryptocurrency theft, com.apple.cli, macos, sapphire sleet, credential harvesting, icloudz, phishing 2026-04-17
high New npm supply-chain attack self-spreads to steal auth tokens news general-news supply-chain 2026-04-22
high Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems news general-news ics 2026-04-20
high Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic news general-news botnet 2026-04-16
high Mirai Botnet Targets Flaw in Discontinued D-Link Routers news general-news botnet 2026-04-22
high Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data news general-news supply-chain 2026-04-22
high ZionSiphon Malware Targets Water Infrastructure Systems news general-news ics 2026-04-20
high Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet news general-news botnet 2026-04-20
high Why the Axios attack proves AI is mandatory for supply chain security news general-news supply-chain 2026-04-20
medium CVE-2026-3299 — The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… vulnerability nvd CVE-2026-3299 2026-04-16
medium CVE-2026-40962 — FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encrypt… vulnerability nvd CVE-2026-40962 2026-04-16
medium CVE-2026-3885 — The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si… vulnerability nvd CVE-2026-3885 2026-04-16
medium CVE-2026-3878 — The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_option… vulnerability nvd CVE-2026-3878 2026-04-16
medium CVE-2026-4032 — The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' pa… vulnerability nvd CVE-2026-4032 2026-04-16
medium CVE-2026-5070 — The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text… vulnerability nvd CVE-2026-5070 2026-04-16
medium CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po… vulnerability nvd CVE-2026-22615 2026-04-16
medium CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the… vulnerability nvd CVE-2026-22616 2026-04-16
medium CVE-2026-22617 — Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n… vulnerability nvd CVE-2026-22617 2026-04-16
medium CVE-2026-22618 — A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP… vulnerability nvd CVE-2026-22618 2026-04-16
medium CVE-2026-3551 — The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting v… vulnerability nvd CVE-2026-3551 2026-04-16
medium CVE-2026-3581 — The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versi… vulnerability nvd CVE-2026-3581 2026-04-16
medium CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versi… vulnerability nvd CVE-2026-3595 2026-04-16
medium CVE-2026-3773 — The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the… vulnerability nvd CVE-2026-3773 2026-04-16
medium CVE-2025-13364 — The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for… vulnerability nvd CVE-2025-13364 2026-04-16
medium CVE-2026-1572 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of… vulnerability nvd CVE-2026-1572 2026-04-16
medium CVE-2026-3355 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri… vulnerability nvd CVE-2026-3355 2026-04-16
medium CVE-2026-3861 — LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where op… vulnerability nvd CVE-2026-3861 2026-04-16
medium CVE-2026-3875 — The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs… vulnerability nvd CVE-2026-3875 2026-04-16
medium CVE-2026-3995 — The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' s… vulnerability nvd CVE-2026-3995 2026-04-16
medium CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on… vulnerability nvd CVE-2026-41030 2026-04-16
medium CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conver… vulnerability nvd CVE-2026-41034 2026-04-16
medium CVE-2026-0718 — The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu… vulnerability nvd CVE-2026-0718 2026-04-16
medium CVE-2025-6024 — The authentication endpoint fails to encode user-supplied input before rendering it in the web page,… vulnerability nvd CVE-2025-6024 2026-04-16
medium CVE-2025-12624 — Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identi… vulnerability nvd CVE-2025-12624 2026-04-16
medium CVE-2026-3369 — The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cr… vulnerability nvd CVE-2026-3369 2026-04-16
medium CVE-2026-6414 — @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before fil… vulnerability nvd CVE-2026-6414 2026-04-16
medium CVE-2026-4160 — The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo… vulnerability nvd CVE-2026-4160 2026-04-16
medium CVE-2026-6410 — @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled… vulnerability nvd CVE-2026-6410 2026-04-16
medium CVE-2026-2840 — The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to… vulnerability nvd CVE-2026-2840 2026-04-16
medium CVE-2026-37100 — An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwar… vulnerability nvd CVE-2026-37100 2026-04-16
medium CVE-2025-36579 — Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentica… vulnerability nvd CVE-2025-36579 2026-04-16
medium CVE-2025-43883 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or excepti… vulnerability nvd CVE-2025-43883 2026-04-16
medium CVE-2026-24749 — The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior… vulnerability nvd CVE-2026-24749 2026-04-16
medium CVE-2025-43935 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release… vulnerability nvd CVE-2025-43935 2026-04-16
medium CVE-2025-43937 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information in… vulnerability nvd CVE-2025-43937 2026-04-16
medium CVE-2026-33472 — Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 c… vulnerability nvd CVE-2026-33472 2026-04-16
medium CVE-2026-34164 — Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0,… vulnerability nvd CVE-2026-34164 2026-04-16
medium CVE-2026-40253 — openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and bel… vulnerability nvd CVE-2026-40253 2026-04-16
medium CVE-2026-40255 — AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs… vulnerability nvd CVE-2026-40255 2026-04-16
medium CVE-2026-40265 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset downloa… vulnerability nvd CVE-2026-40265 2026-04-17
medium CVE-2026-40922 — SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a pr… vulnerability nvd CVE-2026-40922 2026-04-17
medium CVE-2026-3488 — The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to,… vulnerability nvd CVE-2026-3488 2026-04-17
medium CVE-2026-4817 — The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulner… vulnerability nvd CVE-2026-4817 2026-04-17
medium CVE-2026-5162 — The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… vulnerability nvd CVE-2026-5162 ransomware 2026-04-17
medium CVE-2026-4666 — The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the… vulnerability nvd CVE-2026-4666 2026-04-17
medium CVE-2026-5052 — Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-… vulnerability nvd CVE-2026-5052 2026-04-17
medium CVE-2026-3330 — The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'st… vulnerability nvd CVE-2026-3330 ransomware 2026-04-17
medium CVE-2026-4853 — The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leadi… vulnerability nvd CVE-2026-4853 2026-04-17
medium CVE-2026-5234 — The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions… vulnerability nvd CVE-2026-5234 2026-04-17
medium CVE-2026-5427 — The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin… vulnerability nvd CVE-2026-5427 2026-04-17
medium CVE-2026-5502 — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori… vulnerability nvd CVE-2026-5502 2026-04-17
medium CVE-2026-6080 — The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.… vulnerability nvd CVE-2026-6080 2026-04-17
medium CVE-2026-5797 — The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in ve… vulnerability nvd CVE-2026-5797 ransomware 2026-04-17
medium CVE-2026-6441 — The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and includin… vulnerability nvd CVE-2026-6441 2026-04-17
medium CVE-2026-40002 — Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigge… vulnerability nvd CVE-2026-40002 2026-04-17
medium CVE-2026-6451 — The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery… vulnerability nvd CVE-2026-6451 2026-04-17
medium CVE-2026-6439 — The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and… vulnerability nvd CVE-2026-6439 2026-04-17
medium CVE-2026-6494 — A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti… vulnerability nvd CVE-2026-6494 phishing 2026-04-17
medium CVE-2026-35072 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th… vulnerability nvd CVE-2026-35072, CVE-2026-35073, CVE-2026-35074, CVE-2026-35153 2026-04-17
medium CVE-2026-6487 — A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/c… vulnerability nvd CVE-2026-6487 2026-04-17
medium CVE-2026-6488 — A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This… vulnerability nvd CVE-2026-6488 2026-04-17
medium CVE-2026-6489 — A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593.… vulnerability nvd CVE-2026-6489 2026-04-17
medium CVE-2025-70795 — STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user… vulnerability nvd CVE-2025-70795 2026-04-17
medium CVE-2026-40458 — PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially… vulnerability nvd CVE-2026-40458 2026-04-17
medium CVE-2026-6491 — A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the func… vulnerability nvd CVE-2026-6491 2026-04-17
medium CVE-2026-6492 — A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc76197… vulnerability nvd CVE-2026-6492 botnet 2026-04-17
medium CVE-2026-41153 — In JetBrains Junie before 252.549.29 command execution was possible via malicious project file vulnerability nvd CVE-2026-41153 2026-04-17
medium CVE-2026-6496 — A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function… vulnerability nvd CVE-2026-6496 2026-04-17
medium CVE-2026-21709 — A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Sig… vulnerability nvd CVE-2026-21709 2026-04-17
medium CVE-2026-6497 — A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerabil… vulnerability nvd CVE-2026-6497 2026-04-17
medium CVE-2026-6437 — Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Drive… vulnerability nvd CVE-2026-6437 2026-04-17
medium CVE-2026-31927 — Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overw… vulnerability nvd CVE-2026-31927 2026-04-17
medium CVE-2026-32648 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration d… vulnerability nvd CVE-2026-32648 2026-04-17
medium CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with… vulnerability nvd CVE-2026-33093 2026-04-17
medium CVE-2026-33569 — Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff… vulnerability nvd CVE-2026-33569 2026-04-17
medium CVE-2026-35061 — Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved with… vulnerability nvd CVE-2026-35061 2026-04-17
medium CVE-2026-33145 — xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to exe… vulnerability nvd CVE-2026-33145 2026-04-17
medium CVE-2026-40155 — The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In… vulnerability nvd CVE-2026-40155 2026-04-17
medium CVE-2026-40293 — OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1… vulnerability nvd CVE-2026-40293 ransomware 2026-04-17
medium CVE-2026-40301 — DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sani… vulnerability nvd CVE-2026-40301 2026-04-17
medium CVE-2026-40302 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the… vulnerability nvd CVE-2026-40302, CVE-2026-40304 2026-04-17
medium CVE-2026-2434 — The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard'… vulnerability nvd CVE-2026-2434 2026-04-17
medium CVE-2026-40479 — Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForH… vulnerability nvd CVE-2026-40479 2026-04-17
medium CVE-2026-40486 — Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preference… vulnerability nvd CVE-2026-40486 2026-04-17
medium CVE-2026-40333 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct… vulnerability nvd CVE-2026-40333 botnet 2026-04-18
medium CVE-2026-40335 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… vulnerability nvd CVE-2026-40335, CVE-2026-40338, CVE-2026-40339, CVE-2026-40340 2026-04-18
medium CVE-2026-40337 — The Sentry kernel is a high security level micro-kernel implementation made for high security embedd… vulnerability nvd CVE-2026-40337 2026-04-18
medium CVE-2026-40347 — Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial… vulnerability nvd CVE-2026-40347 2026-04-18
medium CVE-2026-40483 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor… vulnerability nvd CVE-2026-40483 2026-04-18
medium CVE-2026-40485 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API log… vulnerability nvd CVE-2026-40485 2026-04-18
medium CVE-2026-40593 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (U… vulnerability nvd CVE-2026-40593 2026-04-18
medium CVE-2026-1559 — The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place… vulnerability nvd CVE-2026-1559 2026-04-18
medium CVE-2026-1838 — The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_i… vulnerability nvd CVE-2026-1838 2026-04-18
medium CVE-2026-40490 — The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async… vulnerability nvd CVE-2026-40490 2026-04-18
medium CVE-2026-40491 — gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a P… vulnerability nvd CVE-2026-40491 rce 2026-04-18
medium CVE-2026-4801 — The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site… vulnerability nvd CVE-2026-4801 2026-04-18
medium CVE-2026-6048 — The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi… vulnerability nvd CVE-2026-6048 2026-04-18
medium CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 d… vulnerability nvd CVE-2026-41253 ransomware 2026-04-18
medium CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow… vulnerability nvd CVE-2026-41254 2026-04-18
medium CVE-2026-0894 — The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scri… vulnerability nvd CVE-2026-0894 2026-04-18
medium CVE-2026-2505 — The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions… vulnerability nvd CVE-2026-2505 2026-04-18
medium CVE-2026-2986 — The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… vulnerability nvd CVE-2026-2986 2026-04-18
medium CVE-2026-40948 — The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid… vulnerability nvd CVE-2026-40948 2026-04-18
medium CVE-2026-0868 — The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cro… vulnerability nvd CVE-2026-0868 2026-04-19
medium CVE-2026-6559 — A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of… vulnerability nvd CVE-2026-6559 2026-04-19
medium CVE-2026-6561 — A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo… vulnerability nvd CVE-2026-6561 2026-04-19
medium CVE-2026-6564 — A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown fun… vulnerability nvd CVE-2026-6564 2026-04-19
medium CVE-2026-6571 — A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is… vulnerability nvd CVE-2026-6571 2026-04-19
medium CVE-2026-6572 — A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this iss… vulnerability nvd CVE-2026-6572 2026-04-19
medium CVE-2026-6573 — A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exa… vulnerability nvd CVE-2026-6573 2026-04-19
medium CVE-2026-6576 — A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the… vulnerability nvd CVE-2026-6576 2026-04-19
medium CVE-2026-6578 — A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknow… vulnerability nvd CVE-2026-6578 2026-04-19
medium CVE-2026-6579 — A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown fun… vulnerability nvd CVE-2026-6579 2026-04-19
medium CVE-2026-6583 — A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the functio… vulnerability nvd CVE-2026-6583 2026-04-19
medium CVE-2026-6584 — A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects th… vulnerability nvd CVE-2026-6584 2026-04-20
medium CVE-2026-6585 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the f… vulnerability nvd CVE-2026-6585 2026-04-20
medium CVE-2026-6586 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function… vulnerability nvd CVE-2026-6586 2026-04-20
medium CVE-2026-6587 — A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the… vulnerability nvd CVE-2026-6587 2026-04-20
medium CVE-2026-6588 — A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function… vulnerability nvd CVE-2026-6588 2026-04-20
medium CVE-2026-6589 — A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create… vulnerability nvd CVE-2026-6589 2026-04-20
medium CVE-2026-6590 — A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of… vulnerability nvd CVE-2026-6590 2026-04-20
medium CVE-2026-6591 — A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_f… vulnerability nvd CVE-2026-6591 2026-04-20
medium CVE-2026-32957 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for cri… vulnerability nvd CVE-2026-32957, CVE-2026-32962 2026-04-20
medium CVE-2026-32958 — SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An a… vulnerability nvd CVE-2026-32958 2026-04-20
medium CVE-2026-32959 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken… vulnerability nvd CVE-2026-32959 2026-04-20
medium CVE-2026-32960 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive inform… vulnerability nvd CVE-2026-32960 2026-04-20
medium CVE-2026-32964 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CR… vulnerability nvd CVE-2026-32964 2026-04-20
medium CVE-2026-6598 — A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element… vulnerability nvd CVE-2026-6598 2026-04-20
medium CVE-2026-6599 — A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the functi… vulnerability nvd CVE-2026-6599 2026-04-20
medium CVE-2026-6601 — A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function… vulnerability nvd CVE-2026-6601 2026-04-20
medium CVE-2026-6607 — A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the f… vulnerability nvd CVE-2026-6607 botnet 2026-04-20
medium CVE-2026-6608 — A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of t… vulnerability nvd CVE-2026-6608 2026-04-20
medium CVE-2026-6609 — A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function… vulnerability nvd CVE-2026-6609 2026-04-20
medium CVE-2026-6612 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the functio… vulnerability nvd CVE-2026-6612 2026-04-20
medium CVE-2026-6613 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function… vulnerability nvd CVE-2026-6613 2026-04-20
medium CVE-2026-6614 — A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vu… vulnerability nvd CVE-2026-6614 2026-04-20
medium CVE-2026-41282 — ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-var… vulnerability nvd CVE-2026-41282 2026-04-20
medium CVE-2026-6616 — A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects… vulnerability nvd CVE-2026-6616 2026-04-20
medium CVE-2026-6617 — A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function… vulnerability nvd CVE-2026-6617 2026-04-20
medium CVE-2026-6618 — A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_… vulnerability nvd CVE-2026-6618 2026-04-20
medium CVE-2026-6620 — A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the fun… vulnerability nvd CVE-2026-6620 2026-04-20
medium CVE-2026-6626 — A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unkn… vulnerability nvd CVE-2026-6626 2026-04-20
medium CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput o… vulnerability nvd CVE-2026-6628 2026-04-20
medium CVE-2026-6654 — Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thi… vulnerability nvd CVE-2026-6654 2026-04-20
medium CVE-2026-6634 — A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_acces… vulnerability nvd CVE-2026-6634 2026-04-20
medium CVE-2026-6636 — A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affecte… vulnerability nvd CVE-2026-6636 2026-04-20
medium CVE-2025-66335 — Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw… vulnerability nvd CVE-2025-66335 2026-04-20
medium CVE-2026-33558 — Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component… vulnerability nvd CVE-2026-33558 2026-04-20
medium CVE-2026-6649 — A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality… vulnerability nvd CVE-2026-6649 2026-04-20
medium CVE-2026-34429 — Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate… vulnerability nvd CVE-2026-34429 rce 2026-04-20
medium CVE-2026-40896 — OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user w… vulnerability nvd CVE-2026-40896 2026-04-20
medium CVE-2026-41245 — Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnera… vulnerability nvd CVE-2026-41245 2026-04-20
medium CVE-2026-6650 — A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file… vulnerability nvd CVE-2026-6650 2026-04-20
medium CVE-2026-6652 — A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate… vulnerability nvd CVE-2026-6652 2026-04-20
medium CVE-2025-66954 — A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or… vulnerability nvd CVE-2025-66954 2026-04-20
medium CVE-2026-22761 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A… vulnerability nvd CVE-2026-22761 2026-04-20
medium CVE-2026-26942 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe… vulnerability nvd CVE-2026-26942 2026-04-20
medium CVE-2026-28684 — python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio… vulnerability nvd CVE-2026-28684 2026-04-20
medium CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions… vulnerability nvd CVE-2026-35154 2026-04-20
medium CVE-2026-23752 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template grou… vulnerability nvd CVE-2026-23752 2026-04-20
medium CVE-2026-23753 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language mana… vulnerability nvd CVE-2026-23753 2026-04-20
medium CVE-2026-23756 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshoote… vulnerability nvd CVE-2026-23756 2026-04-20
medium CVE-2026-23757 — GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports modu… vulnerability nvd CVE-2026-23757 2026-04-20
medium CVE-2026-26399 — A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The… vulnerability nvd CVE-2026-26399 2026-04-20
medium CVE-2026-39112 — Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Manage… vulnerability nvd CVE-2026-39112 2026-04-20
medium CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result me… vulnerability nvd CVE-2026-41389 2026-04-20
medium CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource cons… vulnerability nvd CVE-2026-6060 2026-04-20
medium CVE-2026-6550 — Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor… vulnerability nvd CVE-2026-6550 2026-04-20
medium CVE-2026-29647 — In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to… vulnerability nvd CVE-2026-29647 2026-04-20
medium CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable t… vulnerability nvd CVE-2026-4852 2026-04-20
medium CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that… vulnerability nvd CVE-2026-6729 2026-04-20
medium CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress i… vulnerability nvd CVE-2026-5721 2026-04-20
medium CVE-2026-35588 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassand… vulnerability nvd CVE-2026-35588 2026-04-21
medium CVE-2026-40045 — OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored… vulnerability nvd CVE-2026-40045 2026-04-21
medium CVE-2026-41285 — In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted… vulnerability nvd CVE-2026-41285 2026-04-21
medium CVE-2026-41298 — OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoi… vulnerability nvd CVE-2026-41298 2026-04-21
medium CVE-2026-41300 — OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered… vulnerability nvd CVE-2026-41300 2026-04-21
medium CVE-2026-41301 — OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability i… vulnerability nvd CVE-2026-41301 2026-04-21
medium CVE-2026-41330 — OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec polic… vulnerability nvd CVE-2026-41330 2026-04-21
medium CVE-2026-41331 — OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight… vulnerability nvd CVE-2026-41331 2026-04-21
medium CVE-2026-39377 — The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja… vulnerability nvd CVE-2026-39377, CVE-2026-39378 2026-04-21
medium CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… vulnerability nvd CVE-2026-39886, CVE-2026-40244, CVE-2026-40250 2026-04-21
medium CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of… vulnerability nvd CVE-2026-6058 2026-04-21
medium CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the… vulnerability nvd CVE-2026-6674 2026-04-21
medium CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una… vulnerability nvd CVE-2026-6675, CVE-2026-6703 2026-04-21
medium CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi… vulnerability nvd CVE-2026-31370 2026-04-21
medium CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't… vulnerability nvd CVE-2026-6711 2026-04-21
medium CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set… vulnerability nvd CVE-2026-6712 2026-04-21
medium CVE-2026-6755 — Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and… vulnerability nvd CVE-2026-6755 2026-04-21
medium CVE-2026-6763 — Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firef… vulnerability nvd CVE-2026-6763 2026-04-21
medium CVE-2026-6764 — Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed… vulnerability nvd CVE-2026-6764 2026-04-21
medium CVE-2026-6765 — Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150,… vulnerability nvd CVE-2026-6765 2026-04-21
medium CVE-2026-6767 — Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox… vulnerability nvd CVE-2026-6767 2026-04-21
medium CVE-2026-6770 — Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefo… vulnerability nvd CVE-2026-6770 2026-04-21
medium CVE-2026-6774 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Th… vulnerability nvd CVE-2026-6774 2026-04-21
medium CVE-2026-6775 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a… vulnerability nvd CVE-2026-6775 2026-04-21
medium CVE-2026-6777 — Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunde… vulnerability nvd CVE-2026-6777 2026-04-21
medium CVE-2026-6778 — Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150… vulnerability nvd CVE-2026-6778 ransomware 2026-04-21
medium CVE-2026-6779 — Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thun… vulnerability nvd CVE-2026-6779 2026-04-21
medium CVE-2026-6783 — Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnera… vulnerability nvd CVE-2026-6783 ransomware 2026-04-21
medium CVE-2025-1241 — Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to v… vulnerability nvd CVE-2025-1241 2026-04-21
medium CVE-2025-31981 — HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (… vulnerability nvd CVE-2025-31981 2026-04-21
medium CVE-2026-0971 — An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML… vulnerability nvd CVE-2026-0971 2026-04-21
medium CVE-2026-1089 — User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to t… vulnerability nvd CVE-2026-1089 2026-04-21
medium CVE-2026-31013 — Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability i… vulnerability nvd CVE-2026-31013 2026-04-21
medium CVE-2026-31014 — Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The… vulnerability nvd CVE-2026-31014 2026-04-21
medium CVE-2026-40498 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent… vulnerability nvd CVE-2026-40498, CVE-2026-40567 2026-04-21
medium CVE-2026-24176 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t… vulnerability nvd CVE-2026-24176 2026-04-21
medium CVE-2026-25542 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43… vulnerability nvd CVE-2026-25542 2026-04-21
medium CVE-2026-26067 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-… vulnerability nvd CVE-2026-26067 2026-04-21
medium CVE-2026-26274 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera… vulnerability nvd CVE-2026-26274 2026-04-21
medium CVE-2026-35451 — Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi… vulnerability nvd CVE-2026-35451 2026-04-21
medium CVE-2026-40566 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve… vulnerability nvd CVE-2026-40566 2026-04-21
medium CVE-2026-40574 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2… vulnerability nvd CVE-2026-40574 2026-04-21
medium CVE-2026-40590 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C… vulnerability nvd CVE-2026-40590 2026-04-21
medium CVE-2026-40592 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen… vulnerability nvd CVE-2026-40592 2026-04-21
medium CVE-2026-41183 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned… vulnerability nvd CVE-2026-41183 2026-04-21
medium CVE-2026-40587 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa… vulnerability nvd CVE-2026-40587 2026-04-21
medium CVE-2026-40594 — pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set… vulnerability nvd CVE-2026-40594 2026-04-21
medium CVE-2026-40602 — The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t… vulnerability nvd CVE-2026-40602 2026-04-21
medium CVE-2026-40606 — mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software… vulnerability nvd CVE-2026-40606 2026-04-21
medium CVE-2026-40608 — Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams.… vulnerability nvd CVE-2026-40608 2026-04-21
medium CVE-2026-41194 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox… vulnerability nvd CVE-2026-41194 2026-04-21
medium CVE-2026-22751 — Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login… vulnerability nvd CVE-2026-22751 2026-04-21
medium CVE-2026-6744 — A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do… vulnerability nvd CVE-2026-6744 2026-04-21
medium CVE-2026-33812 — Parsing a malicious font file can cause excessive memory allocation. vulnerability nvd CVE-2026-33812 2026-04-21
medium CVE-2026-40889 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an… vulnerability nvd CVE-2026-40889 2026-04-21
medium CVE-2026-40907 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/… vulnerability nvd CVE-2026-40907 2026-04-21
medium CVE-2026-40908 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at… vulnerability nvd CVE-2026-40908 2026-04-21
medium CVE-2026-41320 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an… vulnerability nvd CVE-2026-41320 2026-04-21
medium CVE-2026-21998 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported… vulnerability nvd CVE-2026-21998, CVE-2026-22002, CVE-2026-22005, CVE-2026-22009, CVE-2026-22017, CVE-2026-34267, CVE-2026-34272, CVE-2026-34278, CVE-2026-34303, CVE-2026-35240 2026-04-21
medium CVE-2026-21999 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are a… vulnerability nvd CVE-2026-21999 2026-04-21
medium CVE-2026-22001 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). S… vulnerability nvd CVE-2026-22001, CVE-2026-22015 2026-04-21
medium CVE-2026-22003 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co… vulnerability nvd CVE-2026-22003 2026-04-21
medium CVE-2026-22004 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th… vulnerability nvd CVE-2026-22004, CVE-2026-34304, CVE-2026-35236, CVE-2026-35237, CVE-2026-35238 2026-04-21
medium CVE-2026-22006 — Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone… vulnerability nvd CVE-2026-22006, CVE-2026-34280 2026-04-21
medium CVE-2026-22019 — Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo… vulnerability nvd CVE-2026-22019 2026-04-21
medium CVE-2026-34266 — Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp… vulnerability nvd CVE-2026-34266 2026-04-21
medium CVE-2026-34269 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port… vulnerability nvd CVE-2026-34269 2026-04-21
medium CVE-2026-34270 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug… vulnerability nvd CVE-2026-34270, CVE-2026-34271, CVE-2026-34276 2026-04-21
medium CVE-2026-34273 — Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are… vulnerability nvd CVE-2026-34273 2026-04-21
medium CVE-2026-34274 — Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa… vulnerability nvd CVE-2026-34274 2026-04-21
medium CVE-2026-34277 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui… vulnerability nvd CVE-2026-34277 2026-04-21
medium CVE-2026-34281 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver… vulnerability nvd CVE-2026-34281 2026-04-21
medium CVE-2026-34283 — Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit… vulnerability nvd CVE-2026-34283 2026-04-21
medium CVE-2026-34284 — Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c… vulnerability nvd CVE-2026-34284 2026-04-21
medium CVE-2026-34293 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio… vulnerability nvd CVE-2026-34293, CVE-2026-35239 2026-04-21
medium CVE-2026-34295 — Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P… vulnerability nvd CVE-2026-34295 2026-04-21
medium CVE-2026-34296 — Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply… vulnerability nvd CVE-2026-34296 supply-chain 2026-04-21
medium CVE-2026-34298 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe… vulnerability nvd CVE-2026-34298 2026-04-21
medium CVE-2026-34299 — Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (… vulnerability nvd CVE-2026-34299, CVE-2026-34301 2026-04-21
medium CVE-2026-34300 — Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co… vulnerability nvd CVE-2026-34300 2026-04-21
medium CVE-2026-34302 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader)… vulnerability nvd CVE-2026-34302 2026-04-21
medium CVE-2026-34306 — Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone… vulnerability nvd CVE-2026-34306 2026-04-21
medium CVE-2026-34307 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work… vulnerability nvd CVE-2026-34307 2026-04-21
medium CVE-2026-34308 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versi… vulnerability nvd CVE-2026-34308 2026-04-21
medium CVE-2026-34317 — Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported… vulnerability nvd CVE-2026-34317, CVE-2026-34318, CVE-2026-34319 2026-04-21
medium CVE-2026-34323 — Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon… vulnerability nvd CVE-2026-34323, CVE-2026-34324 2026-04-21
medium CVE-2026-35232 — Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported version… vulnerability nvd CVE-2026-35232 2026-04-21
medium CVE-2026-35234 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported… vulnerability nvd CVE-2026-35234 2026-04-21
medium CVE-2026-35235 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versio… vulnerability nvd CVE-2026-35235 2026-04-21
medium CVE-2026-35241 — Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen… vulnerability nvd CVE-2026-35241 2026-04-21
medium CVE-2026-35244 — Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component… vulnerability nvd CVE-2026-35244 2026-04-21
medium CVE-2026-35252 — Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl… vulnerability nvd CVE-2026-35252 2026-04-21
medium CVE-2026-40910 — frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT… vulnerability nvd CVE-2026-40910 2026-04-21
medium CVE-2026-40923 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to… vulnerability nvd CVE-2026-40923, CVE-2026-40924 2026-04-21
medium CVE-2026-40927 — Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving… vulnerability nvd CVE-2026-40927 2026-04-21
medium CVE-2026-6796 — A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l… vulnerability nvd CVE-2026-6796 2026-04-21
medium CVE-2026-6797 — A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability… vulnerability nvd CVE-2026-6797 2026-04-21
medium CVE-2026-1354 — Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with th… vulnerability nvd CVE-2026-1354 2026-04-21
medium CVE-2026-41527 — KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u… vulnerability nvd CVE-2026-41527 2026-04-21
medium CVE-2026-6799 — A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno… vulnerability nvd CVE-2026-6799 2026-04-21
medium CVE-2026-6829 — nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta… vulnerability nvd CVE-2026-6829 2026-04-21
medium CVE-2026-40928 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo… vulnerability nvd CVE-2026-40928 2026-04-21
medium CVE-2026-40929 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso… vulnerability nvd CVE-2026-40929 ransomware 2026-04-21
medium CVE-2026-40935 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a… vulnerability nvd CVE-2026-40935 2026-04-21
medium CVE-2026-41061 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re… vulnerability nvd CVE-2026-41061 ransomware 2026-04-21
medium CVE-2026-41062 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi… vulnerability nvd CVE-2026-41062 2026-04-21
medium CVE-2026-41063 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in A… vulnerability nvd CVE-2026-41063 2026-04-21
medium CVE-2026-41126 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th… vulnerability nvd CVE-2026-41126 2026-04-22
medium CVE-2026-41127 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza… vulnerability nvd CVE-2026-41127 2026-04-22
medium CVE-2026-41131 — OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec… vulnerability nvd CVE-2026-41131 2026-04-22
medium CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta… vulnerability nvd CVE-2026-6833 2026-04-22
medium CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem… vulnerability nvd CVE-2026-6834 2026-04-22
medium CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated… vulnerability nvd CVE-2026-6835 2026-04-22
medium CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer… vulnerability nvd CVE-2026-22747 2026-04-22
medium CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD… vulnerability nvd CVE-2026-22748 2026-04-22
medium CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a… vulnerability nvd CVE-2026-40448 2026-04-22
medium CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin… vulnerability nvd CVE-2026-40449 2026-04-22
medium CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor… vulnerability nvd CVE-2026-40450 2026-04-22
medium CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me… vulnerability nvd CVE-2026-41664 2026-04-22
medium CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause… vulnerability nvd CVE-2026-41665 2026-04-22
medium CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou… vulnerability nvd CVE-2026-41666 2026-04-22
medium CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc… vulnerability nvd CVE-2026-41667 2026-04-22
medium CVE-2026-6839 — Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o… vulnerability nvd CVE-2026-6839 2026-04-22
medium CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo… vulnerability nvd CVE-2026-6840 2026-04-22
medium CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting… vulnerability nvd CVE-2026-1379 2026-04-22
medium CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett… vulnerability nvd CVE-2026-1845 2026-04-22
medium CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… vulnerability nvd CVE-2026-2714 2026-04-22
medium CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc… vulnerability nvd CVE-2026-2717 2026-04-22
medium CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce… vulnerability nvd CVE-2026-2719 2026-04-22
medium CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… vulnerability nvd CVE-2026-3362 2026-04-22
medium CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… vulnerability nvd CVE-2026-4074 2026-04-22
medium CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… vulnerability nvd CVE-2026-4076 2026-04-22
medium CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif… vulnerability nvd CVE-2026-4082 2026-04-22
medium CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… vulnerability nvd CVE-2026-4085 2026-04-22
medium CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c… vulnerability nvd CVE-2026-4088 2026-04-22
medium CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id… vulnerability nvd CVE-2026-4089 2026-04-22
medium CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… vulnerability nvd CVE-2026-4090 2026-04-22
medium CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl… vulnerability nvd CVE-2026-4117 2026-04-22
medium CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve… vulnerability nvd CVE-2026-4118 2026-04-22
medium CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… vulnerability nvd CVE-2026-4121 2026-04-22
medium CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho… vulnerability nvd CVE-2026-4125 2026-04-22
medium CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio… vulnerability nvd CVE-2026-4126 2026-04-22
medium CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization… vulnerability nvd CVE-2026-4128 2026-04-22
medium CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in… vulnerability nvd CVE-2026-4131 2026-04-22
medium CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… vulnerability nvd CVE-2026-4133 2026-04-22
medium CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… vulnerability nvd CVE-2026-4138 2026-04-22
medium CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t… vulnerability nvd CVE-2026-4139 2026-04-22
medium CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in… vulnerability nvd CVE-2026-4140 2026-04-22
medium CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr… vulnerability nvd CVE-2026-4142 2026-04-22
medium CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb… vulnerability nvd CVE-2026-4279 2026-04-22
medium CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t… vulnerability nvd CVE-2026-4280 2026-04-22
medium CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'… vulnerability nvd CVE-2026-4353 2026-04-22
medium CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… vulnerability nvd CVE-2026-5748 2026-04-22
medium CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… vulnerability nvd CVE-2026-5767 2026-04-22
medium CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o… vulnerability nvd CVE-2026-5820 2026-04-22
medium CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom… vulnerability nvd CVE-2026-6041 2026-04-22
medium CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short… vulnerability nvd CVE-2026-6236 2026-04-22
medium CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting… vulnerability nvd CVE-2026-6246 2026-04-22
medium CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers… vulnerability nvd CVE-2026-6294 ransomware 2026-04-22
medium CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver… vulnerability nvd CVE-2026-6396 2026-04-22
medium CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin… vulnerability nvd CVE-2026-6843 ransomware 2026-04-22
medium CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw… vulnerability nvd CVE-2026-6844 2026-04-22
medium CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a… vulnerability nvd CVE-2026-6845 2026-04-22
medium CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider… vulnerability nvd CVE-2026-1395 2026-04-22
medium CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… vulnerability nvd CVE-2026-1913 2026-04-22
medium CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi… vulnerability nvd CVE-2026-1930 2026-04-22
medium CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve… vulnerability nvd CVE-2026-33256, CVE-2026-33257, CVE-2026-33260 2026-04-22
medium CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n… vulnerability nvd CVE-2026-33258 2026-04-22
medium CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a… vulnerability nvd CVE-2026-33259 2026-04-22
medium CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s… vulnerability nvd CVE-2026-33261 2026-04-22
medium CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste… vulnerability nvd CVE-2026-33262 2026-04-22
medium CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by… vulnerability nvd CVE-2026-33600 2026-04-22
medium CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo… vulnerability nvd CVE-2026-33601 2026-04-22
medium CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive… vulnerability nvd CVE-2026-6848 ransomware 2026-04-22
medium CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor… vulnerability nvd CVE-2026-33254 2026-04-22
medium CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a… vulnerability nvd CVE-2026-33594 2026-04-22
medium CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of error responses over a sing… vulnerability nvd CVE-2026-33595 2026-04-22
medium CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd… vulnerability nvd CVE-2026-33598 2026-04-22
medium CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co… vulnerability nvd CVE-2026-33602 2026-04-22
medium CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri… vulnerability nvd CVE-2026-33609 2026-04-22
medium CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when… vulnerability nvd CVE-2026-33610 2026-04-22
medium CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS… vulnerability nvd CVE-2026-33611 2026-04-22
medium CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc… vulnerability nvd CVE-2026-6861 2026-04-22
medium CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai… vulnerability nvd CVE-2026-6862 2026-04-22
medium IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist advisory vendor-blogs phishing 2026-04-22
medium [Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025 advisory vendor-blogs phishing 2026-04-21
medium Phishing and MFA exploitation: Targeting the keys to the kingdom advisory vendor-blogs phishing 2026-04-21
medium payload: undefined threat-intel threatfox EnmityStealer, ClickFix, finger-tcp79, fingerfix, win.fingerfix, finger-delivery, Mirax 2026-04-22
medium New NGate variant hides in a trojanized NFC payment app threat-intel otx 108.165.230.223 | 6e3eea7fb31b8e81…, d142bb04f32a50db… handypay trojanization, brazil targeting, ngate, fake lottery, nfc relay, ai-generated code, pin theft, phantomcard, payment card fraud, ransomware, botnet 2026-04-21
medium March 2026 Phishing Email Trends Report threat-intel otx 0e9bd0c9991b21b1… agenttesla, phishing email, trojan campaigns, fake invoices, remcosrat, script-based attacks, credential theft, html phishing, phishing, botnet, infostealer 2026-04-22
medium Highly destructive Lotus Wiper used in a targeted attack threat-intel otx c6d0f67db6a7dbf1… destructive attack, targeted campaign, critical infrastructure, batch scripts, venezuela, disk wiping, lotus wiper, energy sector, ransomware 2026-04-21
medium Nightmare-Eclipse Tooling Seen in Real-World Intrusion threat-intel otx CVE-2026-33825 | 78.29.48.29, 212.232.23.69 | a2b6c7a9c4490df7… undefend, beigeburrow, nightmare-eclipse, cve-2026-33825, redsun, windows defender bypass, bluehammer, fortigate vpn, privilege escalation 2026-04-20
medium macOS ClickFix Campaign: AppleScript Stealers & New Terminal Protections threat-intel otx 172.94.9.250 | c07a15640065580e…, e12285f507c847b9… clickfix, macos, session hijacking, credential harvesting, cryptocurrency wallet theft, applescript, social engineering, browser data exfiltration, infostealer, phishing 2026-04-21
medium Abusing OAuth Device Code Flow threat-intel otx persistent access, microsoft entra id, device code flow, graph api, oauth, phishing, credential theft, token hijacking 2026-04-20
medium StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets threat-intel otx 7fd19c564761e2c8… smart contract, stager api, stepdrainer, maas, infostealer, crypto 2026-04-21
medium Zero-Day Local Privilege Escalation Exploit threat-intel otx 57a70c383feb9af6…, 7933bb74a2b3289e… redsun, redsun.exe, microsoft defender, windows, zero-day, system access, privilege escalation, tieringengineservice, filesystem manipulation, zeroday 2026-04-21
medium FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure threat-intel otx flowerstorm, iocs, cloudflare, phishing 2026-04-20
medium FakeWallet crypto stealer spreading in the App Store threat-intel otx fd0dc5d4bba740c7… provisioning profiles, fakewallet, chinese targeting, enterprise certificates, ios, phishing apps, cryptocurrency, sparkkitty, phishing, supply-chain 2026-04-20
medium Untangling a Linux Incident With an OpenAI Twist threat-intel otx CVE-2025-47812 | 62.60.246.210 codex ai, multi-actor, living-off-the-land, linux compromise, edr evasion, credential theft, monero mining, cryptominer, phishing 2026-04-17
medium From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere threat-intel otx e97cb6cbcf2583fe…, 15b2bb2a3d57e255… nwhstealer, fake vpn, dll hijacking, infostealer, process injection, cryptocurrency wallet theft, browser data theft, uac bypass, cryptocurrency theft, fake websites, botnet 2026-04-17
medium Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse threat-intel otx f2266b45d60f5443…, c84e5bb76d90607b… financial sector, reflective loading, jit trampolining, middle east targeting, cloudfront domain fronting, syscall usage, sandbox evasion, appdomainmanager hijacking, apt, phishing, botnet 2026-04-18
medium Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors threat-intel otx obfuscation, php backdoor, dynamic content injection, remote loader, joomla, search engine manipulation, command-and-control, seo spam, ransomware, botnet 2026-04-17
medium Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain threat-intel otx fd8bba8b570050cb…, ed770654eb36947e… information stealer, cryptocurrency theft, syscall, direct-sys loader, cgrabber stealer, anti-analysis, dll sideloading, github distribution 2026-04-17
medium Beyond the breach: inside a cargo theft actor's post-compromise playbook threat-intel otx f4977bfeae2a957a…, 03b8a9da7ca89c13… cargo theft, freight fraud, screenconnect, rmm tools, transportation targeting, cryptocurrency stealer, load board compromise, signing-as-a-service, ransomware 2026-04-16
medium CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace threat-intel otx CVE-2017-5638, CVE-2026-39987 | 111.90.145.139, 160.30.128.96, 185.225.17.176, 38.147.173.172, 120.227.46.184, 185.187.207.193, 45.147.97.11, 60.249.14.39, 92.208.115.60 | f2960805f89990cb…, bdcb5867f73beae8… huggingface, cve-2026-39987, nkn blockchain, marimo, botnet, rce, supply-chain 2026-04-16
medium [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data news general-news phishing 2026-04-18
medium Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks news general-news phishing 2026-04-16
medium Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing news general-news phishing 2026-04-17
medium Surge in Silent Subject Phishing Attacks Targets VIP Users news general-news phishing 2026-04-22
low CVE-2026-40505 — MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject… vulnerability nvd CVE-2026-40505 ransomware, phishing 2026-04-16
low CVE-2026-3155 — The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in… vulnerability nvd CVE-2026-3155 2026-04-16
low CVE-2026-41080 — libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML… vulnerability nvd CVE-2026-41080 2026-04-16
low CVE-2026-40263 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoin… vulnerability nvd CVE-2026-40263 2026-04-17
low CVE-2026-6486 — A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of th… vulnerability nvd CVE-2026-6486 ransomware 2026-04-17
low CVE-2026-6493 — A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file… vulnerability nvd CVE-2026-6493 2026-04-17
low CVE-2026-33436 — Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. I… vulnerability nvd CVE-2026-33436 2026-04-17
low CVE-2026-40334 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing… vulnerability nvd CVE-2026-40334 2026-04-18
low CVE-2026-40336 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory… vulnerability nvd CVE-2026-40336 botnet 2026-04-18
low CVE-2026-40341 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of… vulnerability nvd CVE-2026-40341 2026-04-18
low CVE-2026-32690 — Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables… vulnerability nvd CVE-2026-32690 2026-04-18
low CVE-2026-6570 — A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function ini… vulnerability nvd CVE-2026-6570 2026-04-19
low CVE-2026-6592 — A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the functi… vulnerability nvd CVE-2026-6592 2026-04-20
low CVE-2026-6593 — A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functional… vulnerability nvd CVE-2026-6593 2026-04-20
low CVE-2026-6597 — A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_… vulnerability nvd CVE-2026-6597 2026-04-20
low CVE-2026-6600 — A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the f… vulnerability nvd CVE-2026-6600 2026-04-20
low CVE-2026-6610 — A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an… vulnerability nvd CVE-2026-6610 2026-04-20
low CVE-2026-6611 — A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function… vulnerability nvd CVE-2026-6611 2026-04-20
low CVE-2026-6619 — A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTa… vulnerability nvd CVE-2026-6619 2026-04-20
low CVE-2026-6622 — A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknow… vulnerability nvd CVE-2026-6622 2026-04-20
low CVE-2026-6623 — A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an u… vulnerability nvd CVE-2026-6623 2026-04-20
low CVE-2026-6624 — A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown… vulnerability nvd CVE-2026-6624 2026-04-20
low CVE-2026-6633 — A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function… vulnerability nvd CVE-2026-6633 2026-04-20
low CVE-2026-6648 — A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionalit… vulnerability nvd CVE-2026-6648 2026-04-20
low CVE-2026-6651 — A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affe… vulnerability nvd CVE-2026-6651 2026-04-20
low CVE-2026-39396 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `Extract… vulnerability nvd CVE-2026-39396 2026-04-21
low CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af… vulnerability nvd CVE-2026-31369 2026-04-21
low CVE-2025-31958 — HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulne… vulnerability nvd CVE-2025-31958 2026-04-21
low CVE-2026-27937 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect… vulnerability nvd CVE-2026-27937 2026-04-21
low CVE-2026-29179 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai… vulnerability nvd CVE-2026-29179 2026-04-21
low CVE-2026-40279 — BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,… vulnerability nvd CVE-2026-40279 2026-04-21
low CVE-2026-6743 — A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the… vulnerability nvd CVE-2026-6743 2026-04-21
low CVE-2026-6745 — A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown… vulnerability nvd CVE-2026-6745 2026-04-21
low CVE-2026-22008 — Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Or… vulnerability nvd CVE-2026-22008 2026-04-21
low CVE-2026-22014 — Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow… vulnerability nvd CVE-2026-22014 2026-04-21
low CVE-2026-34312 — Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected… vulnerability nvd CVE-2026-34312 2026-04-21
low CVE-2026-6830 — nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching… vulnerability nvd CVE-2026-6830 2026-04-21
low CVE-2026-41144 — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde… vulnerability nvd CVE-2026-41144 rce 2026-04-22
low CVE-2026-6392 — Tanium addressed an information disclosure vulnerability in Threat Response. vulnerability nvd CVE-2026-6392 2026-04-22
low CVE-2026-6408 — Tanium addressed an information disclosure vulnerability in Tanium Server. vulnerability nvd CVE-2026-6408 2026-04-22
low CVE-2026-6416 — Tanium addressed an uncontrolled resource consumption vulnerability in Interact. vulnerability nvd CVE-2026-6416 2026-04-22
low CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc… vulnerability nvd CVE-2026-22746 2026-04-22
low CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo… vulnerability nvd CVE-2026-6842 2026-04-22
low CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r… vulnerability nvd CVE-2026-33596 2026-04-22
low CVE-2026-33597 — PRSD detection denial of service vulnerability nvd CVE-2026-33597 2026-04-22
low CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe… vulnerability nvd CVE-2026-33599 2026-04-22
unknown CISA Adds Eight Known Exploited Vulnerabilities to Catalog advisory cisa-advisories 2026-04-20
unknown CISA Adds One Known Exploited Vulnerability to Catalog advisory cisa-advisories 2026-04-16
unknown CVE-2026-1880 — An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update… vulnerability nvd CVE-2026-1880 2026-04-16
unknown CVE-2026-3428 — A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center… vulnerability nvd CVE-2026-3428 2026-04-16
unknown CVE-2026-6349 — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated… vulnerability nvd CVE-2026-6349 2026-04-16
unknown CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication ch… vulnerability nvd CVE-2026-40118 2026-04-16
unknown CVE-2025-15621 — Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client do… vulnerability nvd CVE-2025-15621 2026-04-16
unknown CVE-2026-6409 — A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of unt… vulnerability nvd CVE-2026-6409 2026-04-16
unknown CVE-2026-27820 — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3… vulnerability nvd CVE-2026-27820 2026-04-16
unknown CVE-2026-2336 — A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user… vulnerability nvd CVE-2026-2336 2026-04-16
unknown CVE-2025-54510 — A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate… vulnerability nvd CVE-2025-54510 2026-04-16
unknown CVE-2025-54502 — Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a… vulnerability nvd CVE-2025-54502 2026-04-16
unknown CVE-2026-35469 — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and bel… vulnerability nvd CVE-2026-35469 2026-04-16
unknown CVE-2026-39313 — mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 a… vulnerability nvd CVE-2026-39313 2026-04-16
unknown CVE-2026-40308 — My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_… vulnerability nvd CVE-2026-40308 2026-04-16
unknown CVE-2026-40260 — pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XM… vulnerability nvd CVE-2026-40260 2026-04-17
unknown CVE-2026-21719 — An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with… vulnerability nvd CVE-2026-21719 2026-04-17
unknown CVE-2026-35496 — A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an adm… vulnerability nvd CVE-2026-35496 2026-04-17
unknown CVE-2026-6482 — The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack t… vulnerability nvd CVE-2026-6482 2026-04-17
unknown CVE-2025-15622 — Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Archit… vulnerability nvd CVE-2025-15622 2026-04-17
unknown CVE-2025-15623 — Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System In… vulnerability nvd CVE-2025-15623 2026-04-17
unknown CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a… vulnerability nvd CVE-2025-15624 2026-04-17
unknown CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in… vulnerability nvd CVE-2025-15625 2026-04-17
unknown CVE-2026-5131 — GREENmod uses named pipes for communication between plugins, the web portal, and the system service,… vulnerability nvd CVE-2026-5131 2026-04-17
unknown CVE-2026-40319 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMa… vulnerability nvd CVE-2026-40319 2026-04-17
unknown CVE-2026-40320 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the Conform… vulnerability nvd CVE-2026-40320 2026-04-17
unknown CVE-2026-32105 — xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification… vulnerability nvd CVE-2026-32105 2026-04-17
unknown CVE-2026-33516 — xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerabili… vulnerability nvd CVE-2026-33516 2026-04-17
unknown CVE-2026-33689 — xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability… vulnerability nvd CVE-2026-33689 2026-04-17
unknown CVE-2026-35402 — mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions… vulnerability nvd CVE-2026-35402 2026-04-17
unknown CVE-2026-35603 — Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded th… vulnerability nvd CVE-2026-35603 2026-04-17
unknown CVE-2026-40299 — next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p… vulnerability nvd CVE-2026-40299 2026-04-17
unknown CVE-2026-29013 — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher… vulnerability nvd CVE-2026-29013 2026-04-17
unknown CVE-2026-40353 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_… vulnerability nvd CVE-2026-40353 2026-04-17
unknown CVE-2026-40476 — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa… vulnerability nvd CVE-2026-40476 2026-04-17
unknown CVE-2026-5720 — miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remot… vulnerability nvd CVE-2026-5720 2026-04-17
unknown CVE-2026-40481 — monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public S… vulnerability nvd CVE-2026-40481 2026-04-17
unknown CVE-2026-5250 — Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. vulnerability nvd CVE-2026-5250, CVE-2026-6056, CVE-2026-4872 2026-04-17
unknown CVE-2026-40323 — SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for t… vulnerability nvd CVE-2026-40323 2026-04-18
unknown CVE-2026-40346 — NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris… vulnerability nvd CVE-2026-40346 2026-04-18
unknown CVE-2026-40480 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/perso… vulnerability nvd CVE-2026-40480 2026-04-18
unknown CVE-2026-40482 — ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in… vulnerability nvd CVE-2026-40482 2026-04-18
unknown CVE-2026-40582 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/us… vulnerability nvd CVE-2026-40582 2026-04-18
unknown CVE-2026-40489 — editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsi… vulnerability nvd CVE-2026-40489 2026-04-18
unknown CVE-2026-41242 — protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1… vulnerability nvd CVE-2026-41242 2026-04-18
unknown CVE-2026-32963 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting… vulnerability nvd CVE-2026-32963 2026-04-20
unknown CVE-2026-39454 — SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder… vulnerability nvd CVE-2026-39454 2026-04-20
unknown CVE-2025-13480 — Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain a… vulnerability nvd CVE-2025-13480 2026-04-20
unknown CVE-2026-31429 — In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free o… vulnerability nvd CVE-2026-31429 2026-04-20
unknown CVE-2026-31430 — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access… vulnerability nvd CVE-2026-31430 2026-04-20
unknown CVE-2026-5958 — When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file(… vulnerability nvd CVE-2026-5958 2026-04-20
unknown CVE-2026-6369 — An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.… vulnerability nvd CVE-2026-6369 2026-04-20
unknown CVE-2026-3219 — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is… vulnerability nvd CVE-2026-3219 2026-04-20
unknown CVE-2026-23758 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subjec… vulnerability nvd CVE-2026-23758 2026-04-20
unknown CVE-2025-11249 — Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414. vulnerability nvd CVE-2025-11249 2026-04-20
unknown CVE-2026-32135 — NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have… vulnerability nvd CVE-2026-32135 2026-04-20
unknown CVE-2026-32311 — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr… vulnerability nvd CVE-2026-32311 2026-04-20
unknown CVE-2026-33031 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di… vulnerability nvd CVE-2026-33031 2026-04-20
unknown CVE-2026-33431 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers… vulnerability nvd CVE-2026-33431 2026-04-20
unknown CVE-2026-33432 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions u… vulnerability nvd CVE-2026-33432 2026-04-20
unknown CVE-2026-34403 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end… vulnerability nvd CVE-2026-34403 2026-04-20
unknown CVE-2026-5358 — Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered… vulnerability nvd CVE-2026-5358 2026-04-20
unknown CVE-2026-0930 — Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request.… vulnerability nvd CVE-2026-0930 2026-04-20
unknown CVE-2026-22051 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible… vulnerability nvd CVE-2026-22051 2026-04-20
unknown CVE-2026-34082 — Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/ap… vulnerability nvd CVE-2026-34082 2026-04-20
unknown CVE-2026-34839 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances… vulnerability nvd CVE-2026-34839 2026-04-21
unknown CVE-2026-35587 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Si… vulnerability nvd CVE-2026-35587 2026-04-21
unknown CVE-2026-39388 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao'… vulnerability nvd CVE-2026-39388 2026-04-21
unknown CVE-2026-39861 — Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not preven… vulnerability nvd CVE-2026-39861 2026-04-21
unknown CVE-2026-39946 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when Ope… vulnerability nvd CVE-2026-39946 2026-04-21
unknown CVE-2026-40264 — OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide mul… vulnerability nvd CVE-2026-40264 2026-04-21
unknown CVE-2026-39866 — Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a392144525284… vulnerability nvd CVE-2026-39866 2026-04-21
unknown CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d… vulnerability nvd CVE-2026-40496 2026-04-21
unknown CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req… vulnerability nvd CVE-2025-13826 2026-04-21
unknown CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner… vulnerability nvd CVE-2026-3317 2026-04-21
unknown CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec… vulnerability nvd CVE-2026-41037 2026-04-21
unknown CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass… vulnerability nvd CVE-2026-6553 2026-04-21
unknown CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p… vulnerability nvd CVE-2026-41038 2026-04-21
unknown CVE-2026-41039 — This vulnerability exists in Quantum Networks router due to improper access control and insecure def… vulnerability nvd CVE-2026-41039 2026-04-21
unknown CVE-2026-32147 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla… vulnerability nvd CVE-2026-32147 2026-04-21
unknown CVE-2026-6756 — Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. vulnerability nvd CVE-2026-6756 2026-04-21
unknown CVE-2026-6757 — Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15… vulnerability nvd CVE-2026-6757 2026-04-21
unknown CVE-2026-6762 — Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef… vulnerability nvd CVE-2026-6762 2026-04-21
unknown CVE-2025-10354 — Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows… vulnerability nvd CVE-2025-10354 2026-04-21
unknown CVE-2026-3298 — The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a bounda… vulnerability nvd CVE-2026-3298 2026-04-21
unknown CVE-2026-5789 — Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca… vulnerability nvd CVE-2026-5789 2026-04-21
unknown CVE-2025-41011 — HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re… vulnerability nvd CVE-2025-41011 2026-04-21
unknown CVE-2025-41029 — SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at… vulnerability nvd CVE-2025-41029 2026-04-21
unknown CVE-2026-30452 — Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste… vulnerability nvd CVE-2026-30452 2026-04-21
unknown CVE-2026-38835 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB… vulnerability nvd CVE-2026-38835 2026-04-21
unknown CVE-2026-40570 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu… vulnerability nvd CVE-2026-40570 2026-04-21
unknown CVE-2026-40583 — UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit… vulnerability nvd CVE-2026-40583 2026-04-21
unknown CVE-2026-40599 — ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.… vulnerability nvd CVE-2026-40599, CVE-2026-40604 2026-04-21
unknown CVE-2026-40614 — PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier,… vulnerability nvd CVE-2026-40614, CVE-2026-40892 2026-04-21
unknown CVE-2026-40865 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir… vulnerability nvd CVE-2026-40865, CVE-2026-40866 2026-04-21
unknown CVE-2026-40867 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access… vulnerability nvd CVE-2026-40867 2026-04-21
unknown CVE-2026-41456 — Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se… vulnerability nvd CVE-2026-41456 2026-04-21
unknown CVE-2026-33813 — Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. vulnerability nvd CVE-2026-33813 2026-04-21
unknown CVE-2026-40872 — mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20… vulnerability nvd CVE-2026-40872, CVE-2026-40873, CVE-2026-40874, CVE-2026-40875, CVE-2026-40878 2026-04-21
unknown CVE-2026-40876 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape… vulnerability nvd CVE-2026-40876 2026-04-21
unknown CVE-2026-40880 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve… vulnerability nvd CVE-2026-40880 2026-04-21
unknown CVE-2026-40881 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers… vulnerability nvd CVE-2026-40881 2026-04-21
unknown CVE-2026-40883 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross… vulnerability nvd CVE-2026-40883 2026-04-21
unknown CVE-2026-40888 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an… vulnerability nvd CVE-2026-40888 2026-04-21
unknown CVE-2025-70420 — A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at… vulnerability nvd CVE-2025-70420 2026-04-21
unknown CVE-2026-40895 — follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a… vulnerability nvd CVE-2026-40895 2026-04-21
unknown CVE-2026-40939 — The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F… vulnerability nvd CVE-2026-40939, CVE-2026-40942 2026-04-21
unknown CVE-2026-40943 — Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session… vulnerability nvd CVE-2026-40943 2026-04-21
unknown CVE-2026-40944 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in… vulnerability nvd CVE-2026-40944 2026-04-21
unknown CVE-2026-40945 — Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t… vulnerability nvd CVE-2026-40945 2026-04-21
unknown CVE-2026-40946 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider… vulnerability nvd CVE-2026-40946 2026-04-21
unknown CVE-2026-3307 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att… vulnerability nvd CVE-2026-3307 2026-04-21
unknown CVE-2026-4296 — An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe… vulnerability nvd CVE-2026-4296 2026-04-21
unknown CVE-2026-4821 — An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser… vulnerability nvd CVE-2026-4821 2026-04-21
unknown CVE-2026-5512 — An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a… vulnerability nvd CVE-2026-5512 2026-04-21
unknown CVE-2026-5845 — An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu… vulnerability nvd CVE-2026-5845 2026-04-21
unknown CVE-2026-5921 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a… vulnerability nvd CVE-2026-5921 2026-04-21
unknown CVE-2026-40343 — free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generat… vulnerability nvd CVE-2026-40343 2026-04-22
unknown CVE-2026-41128 — Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer… vulnerability nvd CVE-2026-41128 2026-04-22
unknown CVE-2026-41129 — Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.… vulnerability nvd CVE-2026-41129 2026-04-22
unknown CVE-2026-41130 — Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the… vulnerability nvd CVE-2026-41130 2026-04-22
unknown CVE-2026-41136 — free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source proj… vulnerability nvd CVE-2026-41136 2026-04-22
unknown CVE-2026-40344 — MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio… vulnerability nvd CVE-2026-40344, CVE-2026-41145 2026-04-22
unknown CVE-2026-41146 — facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9… vulnerability nvd CVE-2026-41146 2026-04-22
unknown CVE-2026-41457 — OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi… vulnerability nvd CVE-2026-41457 2026-04-22
unknown CVE-2026-41458 — OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h… vulnerability nvd CVE-2026-41458 2026-04-22
unknown CVE-2026-5398 — The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c… vulnerability nvd CVE-2026-5398 2026-04-22
unknown CVE-2026-6386 — In order to apply a particular protection key to an address range, the kernel must update the corres… vulnerability nvd CVE-2026-6386 2026-04-22
unknown CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln… vulnerability nvd CVE-2026-40451 2026-04-22
unknown CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli… vulnerability nvd CVE-2026-40542 2026-04-22
unknown CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o… vulnerability nvd CVE-2026-31431 2026-04-22
unknown CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN… vulnerability nvd CVE-2026-31432 2026-04-22
unknown CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential OOB in get_… vulnerability nvd CVE-2026-31433 2026-04-22
unknown CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att… vulnerability nvd CVE-2026-0539 2026-04-22
unknown CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.… vulnerability nvd CVE-2026-31192 2026-04-22
unknown CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name… vulnerability nvd CVE-2026-31434 2026-04-22
unknown CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri… vulnerability nvd CVE-2026-31435 2026-04-22
unknown CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr… vulnerability nvd CVE-2026-31436 2026-04-22
unknown CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere… vulnerability nvd CVE-2026-31437 2026-04-22
unknown CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l… vulnerability nvd CVE-2026-31438 2026-04-22
unknown CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg… vulnerability nvd CVE-2026-31439 2026-04-22
unknown CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve… vulnerability nvd CVE-2026-31440 2026-04-22
unknown CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak… vulnerability nvd CVE-2026-31441 2026-04-22
unknown CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in… vulnerability nvd CVE-2026-31442 2026-04-22
unknown CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when… vulnerability nvd CVE-2026-31443 2026-04-22
unknown CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU… vulnerability nvd CVE-2026-31444 2026-04-22
unknown CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half… vulnerability nvd CVE-2026-31445 2026-04-22
unknown CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda… vulnerability nvd CVE-2026-31446 2026-04-22
unknown CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w… vulnerability nvd CVE-2026-31447 2026-04-22
unknown CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause… vulnerability nvd CVE-2026-31448 2026-04-22
unknown CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e… vulnerability nvd CVE-2026-31449 2026-04-22
unknown CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper… vulnerability nvd CVE-2026-31451 2026-04-22
unknown CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext… vulnerability nvd CVE-2026-31452 2026-04-22
unknown CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite… vulnerability nvd CVE-2026-31453 2026-04-22
unknown CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t… vulnerability nvd CVE-2026-31454 2026-04-22
unknown CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing… vulnerability nvd CVE-2026-31455 2026-04-22
unknown CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->… vulnerability nvd CVE-2026-31457, CVE-2026-31458 2026-04-22
unknown CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le… vulnerability nvd CVE-2026-31459 2026-04-22
unknown CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA… vulnerability nvd CVE-2026-31462 2026-04-22
unknown CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access… vulnerability nvd CVE-2026-31463 2026-04-22
unknown CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in… vulnerability nvd CVE-2026-31464 2026-04-22
unknown CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for… vulnerability nvd CVE-2026-31465 2026-04-22
unknown CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't… vulnerability nvd CVE-2026-31466 2026-04-22
unknown CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c… vulnerability nvd CVE-2026-31467 2026-04-22
unknown CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma… vulnerability nvd CVE-2026-31468 2026-04-22
unknown CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w… vulnerability nvd CVE-2026-31469 2026-04-22
unknown CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of… vulnerability nvd CVE-2026-31470 2026-04-22
unknown CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d… vulnerability nvd CVE-2026-31471 2026-04-22
unknown CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4… vulnerability nvd CVE-2026-31472 2026-04-22
unknown CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI… vulnerability nvd CVE-2026-31473 2026-04-22
unknown CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after… vulnerability nvd CVE-2026-31474 2026-04-22
unknown CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o… vulnerability nvd CVE-2026-31475 2026-04-22
unknown CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on… vulnerability nvd CVE-2026-31476 2026-04-22
unknown CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL… vulnerability nvd CVE-2026-31477 2026-04-22
unknown CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le… vulnerability nvd CVE-2026-31478 2026-04-22
unknown CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock… vulnerability nvd CVE-2026-31480 2026-04-22
unknown CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger… vulnerability nvd CVE-2026-31481 2026-04-22
unknown CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o… vulnerability nvd CVE-2026-31482 2026-04-22
unknown CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound… vulnerability nvd CVE-2026-31483 2026-04-22
unknown CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in… vulnerability nvd CVE-2026-31484 2026-04-22
unknown CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown… vulnerability nvd CVE-2026-31485 2026-04-22
unknown CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu… vulnerability nvd CVE-2026-31486 2026-04-22
unknown CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override… vulnerability nvd CVE-2026-31487 2026-04-22
unknown CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put… vulnerability nvd CVE-2026-31489 2026-04-22
unknown CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in… vulnerability nvd CVE-2026-31490 2026-04-22
unknown CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula… vulnerability nvd CVE-2026-31491 2026-04-22
unknown CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c… vulnerability nvd CVE-2026-31492 2026-04-22
unknown CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion… vulnerability nvd CVE-2026-31493 2026-04-22
unknown CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue… vulnerability nvd CVE-2026-31494 2026-04-22
unknown CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin… vulnerability nvd CVE-2026-31495 2026-04-22
unknown CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:… vulnerability nvd CVE-2026-31496 2026-04-22
unknown CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts… vulnerability nvd CVE-2026-31497 2026-04-22
unknown CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in… vulnerability nvd CVE-2026-31498 2026-04-22
unknown CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i… vulnerability nvd CVE-2026-31499 2026-04-22
unknown CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt… vulnerability nvd CVE-2026-31500 2026-04-22
unknown CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a… vulnerability nvd CVE-2026-31501 2026-04-22
unknown CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus… vulnerability nvd CVE-2026-31502 2026-04-22
unknown CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict… vulnerability nvd CVE-2026-31503 2026-04-22
unknown CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re… vulnerability nvd CVE-2026-31504 2026-04-22
unknown CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i… vulnerability nvd CVE-2026-31505 2026-04-22
unknown CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of… vulnerability nvd CVE-2026-31506 2026-04-22
unknown CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_… vulnerability nvd CVE-2026-31507 2026-04-22
unknown CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin… vulnerability nvd CVE-2026-31508 2026-04-22
unknown CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d… vulnerability nvd CVE-2026-31509 2026-04-22
unknown CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po… vulnerability nvd CVE-2026-31511 2026-04-22
unknown CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l… vulnerability nvd CVE-2026-31512 2026-04-22
unknown CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-… vulnerability nvd CVE-2026-31513 2026-04-22
unknown CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in… vulnerability nvd CVE-2026-31514 2026-04-22
unknown CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk… vulnerability nvd CVE-2026-31515 2026-04-22
unknown CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor… vulnerability nvd CVE-2026-31516 2026-04-22
unknown CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic… vulnerability nvd CVE-2026-31517 2026-04-22
unknown CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp… vulnerability nvd CVE-2026-31518 2026-04-22
unknown CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE… vulnerability nvd CVE-2026-31519 2026-04-22
unknown CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in… vulnerability nvd CVE-2026-31520 2026-04-22
unknown CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a… vulnerability nvd CVE-2026-31521 2026-04-22
unknown CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le… vulnerability nvd CVE-2026-31522 2026-04-22
unknown CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a… vulnerability nvd CVE-2026-31523 2026-04-22
unknown CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in… vulnerability nvd CVE-2026-31524 2026-04-22
unknown CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i… vulnerability nvd CVE-2026-31525 2026-04-22
unknown CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che… vulnerability nvd CVE-2026-31526 2026-04-22
unknown CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener… vulnerability nvd CVE-2026-31527 2026-04-22
unknown CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->… vulnerability nvd CVE-2026-31528 2026-04-22
unknown CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con… vulnerability nvd CVE-2026-31529 2026-04-22
unknown CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of… vulnerability nvd CVE-2026-31530 2026-04-22
unknown CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica… vulnerability nvd CVE-2026-5749 2026-04-22
unknown CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all… vulnerability nvd CVE-2026-5750 2026-04-22
unknown CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive… vulnerability nvd CVE-2026-6355 2026-04-22
unknown CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o… vulnerability nvd CVE-2026-6356 2026-04-22
unknown CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability advisory vendor-blogs 2026-04-21
unknown CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability advisory vendor-blogs 2026-04-21
unknown CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability advisory vendor-blogs 2026-04-21
unknown CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar advisory vendor-blogs 2026-04-21
unknown CVE-2026-41254 advisory vendor-blogs 2026-04-21
unknown CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability advisory vendor-blogs 2026-04-20
unknown CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability advisory vendor-blogs 2026-04-20
unknown CVE-2026-5160 advisory vendor-blogs 2026-04-19
unknown CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure advisory vendor-blogs 2026-04-19
unknown CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() advisory vendor-blogs 2026-04-19
unknown CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks advisory vendor-blogs 2026-04-19
unknown CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero advisory vendor-blogs 2026-04-19
unknown Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6363 Type Confusion in V8 advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6359 Use after free in Video advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6364 Out of bounds read in Skia advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6362 Use after free in Codecs advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6314 Out of bounds write in GPU advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6361 Heap buffer overflow in PDFium advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6310 Use after free in Dawn advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6360 Use after free in FileSystem advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6316 Use after free in Forms advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6309 Use after free in Viz advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6311 Uninitialized Use in Accessibility advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6307 Type Confusion in Turbofan advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6308 Out of bounds read in Media advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6300 Use after free in CSS advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6304 Use after free in Graphite advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6317 Use after free in Cast advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6298 Heap buffer overflow in Skia advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6297 Use after free in Proxy advisory vendor-blogs 2026-04-17
unknown Chromium: CVE-2026-6299 Use after free in Prerender advisory vendor-blogs 2026-04-17
unknown CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input advisory vendor-blogs 2026-04-17
unknown CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed advisory vendor-blogs 2026-04-17
unknown CVE-2026-35469 SpdyStream: DOS on CRI advisory vendor-blogs 2026-04-17
unknown CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure advisory vendor-blogs 2026-04-17
unknown CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount advisory vendor-blogs 2026-04-17
unknown CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow advisory vendor-blogs 2026-04-17
unknown CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted() advisory vendor-blogs 2026-04-17
unknown CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers advisory vendor-blogs 2026-04-17
unknown CVE-2026-41035 advisory vendor-blogs 2026-04-17
unknown CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation advisory vendor-blogs 2026-04-17
unknown CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows advisory vendor-blogs 2026-04-17
unknown CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer advisory vendor-blogs 2026-04-17
unknown CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group advisory vendor-blogs 2026-04-17
unknown CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability advisory vendor-blogs 2026-04-16
unknown Bad Apples: Weaponizing native macOS primitives for movement and execution advisory vendor-blogs 2026-04-21
unknown Foxit, LibRaw vulnerabilities advisory vendor-blogs 2026-04-16
unknown The Q1 vulnerability pulse advisory vendor-blogs 2026-04-16
unknown More than pretty pictures: Wendy Bishop on visual storytelling in tech advisory vendor-blogs 2026-04-16
unknown SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments advisory vendor-blogs 2026-04-21
unknown TXOne introduces Stellar Discover to extend OT security from discovery to risk insight advisory vendor-blogs 2026-04-21
unknown Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France advisory vendor-blogs 2026-04-21
unknown Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments advisory vendor-blogs 2026-04-21
unknown WEF urges intelligence sharing as port cyber threats outpace siloed defences advisory vendor-blogs 2026-04-20
unknown New GoGra malware for Linux uses Microsoft Graph API for comms news general-news 2026-04-22
unknown Microsoft releases emergency patches for critical ASP.NET flaw news general-news 2026-04-22
unknown French govt agency confirms breach as hacker offers to sell data news general-news 2026-04-21
unknown New Lotus data wiper used against Venezuelan energy, utility firms news general-news 2026-04-21
unknown CISA flags new SD-WAN flaw as actively exploited in attacks news general-news 2026-04-21
unknown Actively exploited Apache ActiveMQ flaw impacts 6,400 servers news general-news 2026-04-21
unknown NGate Android malware uses HandyPay NFC app to steal card data news general-news 2026-04-21
unknown Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack news general-news 2026-04-22
unknown Toxic Combinations: When Cross-App Permissions Stack into Risk news general-news 2026-04-22
unknown Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug news general-news 2026-04-22
unknown Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape news general-news 2026-04-22
unknown 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters news general-news 2026-04-21
unknown NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs news general-news 2026-04-21
unknown Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution news general-news 2026-04-21
unknown CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines news general-news 2026-04-21
unknown ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More news general-news 2026-04-20
unknown Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials news general-news 2026-04-20
unknown $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims news general-news 2026-04-18
unknown NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions news general-news 2026-04-17
unknown Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation news general-news 2026-04-17
unknown Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution news general-news 2026-04-16
unknown UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign news general-news 2026-04-16
unknown DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' news general-news 2026-04-22
unknown Exploits Turn Windows Defender Into Attacker Tool news general-news 2026-04-21
unknown Vercel Employee's AI Tool Access Led to Data Breach news general-news 2026-04-20
unknown Serial-to-IP Devices Hide Thousands of Old & New Bugs news general-news 2026-04-20
unknown WhatsApp Leaks User Metadata to Attackers news general-news 2026-04-20
unknown Every Old Vulnerability Is Now an AI Vulnerability news general-news 2026-04-17
unknown Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs news general-news transport 2026-04-17
unknown NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities news general-news 2026-04-16
unknown North Korea Uses ClickFix to Target macOS Users' Data news general-news 2026-04-16
unknown 'Harmless' Global Adware Transforms Into an AV Killer news general-news 2026-04-16
unknown Microsoft's Original Windows Secure Boot Certificate Is Expiring news general-news 2026-04-16
unknown After Bluesky, Mastodon Targeted in DDoS Attack news general-news 2026-04-22
unknown Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says news general-news 2026-04-22
unknown New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention news general-news 2026-04-22
unknown North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks news general-news 2026-04-22
unknown Oracle Patches 450 Vulnerabilities With April 2026 CPU news general-news 2026-04-22
unknown UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns news general-news 2026-04-22
unknown Trojanized Android App Fuels New Wave of NFC Fraud news general-news 2026-04-21
unknown Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms news general-news 2026-04-21
unknown Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool news general-news 2026-04-21
unknown Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection news general-news 2026-04-20
unknown NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience news general-news 2026-04-20
unknown Commercial AI Models Show Rapid Gains in Vulnerability Research news general-news 2026-04-17
unknown APK Malformation Found in Thousands of Android Malware Samples news general-news 2026-04-16
unknown NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities news general-news 2026-04-16
unknown Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads news general-news 2026-04-16
unknown UK cyber agency handling four major incidents a week as nation-state attacks surge news general-news 2026-04-22
unknown The AI era demands a different kind of CISO news general-news 2026-04-22
unknown Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety news general-news 2026-04-21
unknown Mythos can find the vulnerability. It can’t tell you what to do about it. news general-news 2026-04-21
unknown Vercel’s security breach started with malware disguised as Roblox cheats news general-news 2026-04-20
unknown Network ‘background noise’ may predict the next big edge-device vulnerability news general-news 2026-04-20