| unknown | CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | advisory | vendor-blogs | | | 2026-04-22 |
| low | CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo… | vulnerability | nvd | CVE-2026-6842 | | 2026-04-22 |
| high | CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is… | vulnerability | nvd | CVE-2026-6023 | rce | 2026-04-22 |
| high | CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou… | vulnerability | nvd | CVE-2026-6022 | | 2026-04-22 |
| high | CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli… | vulnerability | nvd | CVE-2026-40542 | | 2026-04-22 |
| unknown | UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns | news | general-news | | | 2026-04-22 |
| unknown | CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head | advisory | vendor-blogs | | | 2026-04-22 |
| unknown | CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions | advisory | vendor-blogs | | | 2026-04-22 |
| critical | Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles | news | general-news | | apt, botnet | 2026-04-22 |
| medium | CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo… | vulnerability | nvd | CVE-2026-6840 | | 2026-04-22 |
| medium | CVE-2026-6839 — Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o… | vulnerability | nvd | CVE-2026-6839 | | 2026-04-22 |
| medium | CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc… | vulnerability | nvd | CVE-2026-41667 | | 2026-04-22 |
| medium | CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou… | vulnerability | nvd | CVE-2026-41666 | | 2026-04-22 |
| medium | CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause… | vulnerability | nvd | CVE-2026-41665 | | 2026-04-22 |
| medium | CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me… | vulnerability | nvd | CVE-2026-41664 | | 2026-04-22 |
| medium | CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor… | vulnerability | nvd | CVE-2026-40450 | | 2026-04-22 |
| medium | CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin… | vulnerability | nvd | CVE-2026-40449 | | 2026-04-22 |
| medium | CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a… | vulnerability | nvd | CVE-2026-40448 | | 2026-04-22 |
| unknown | Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape | news | general-news | | | 2026-04-22 |
| medium | March 2026 Phishing Email Trends Report | threat-intel | otx | 0e9bd0c9991b21b1… | agenttesla, phishing email, trojan campaigns, fake invoices, remcosrat, script-based attacks, credential theft, html phishing, phishing, botnet, infostealer | 2026-04-22 |
| high | CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/se… | vulnerability | nvd | CVE-2026-22754 | | 2026-04-22 |
| high | CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P… | vulnerability | nvd | CVE-2026-22753 | | 2026-04-22 |
| medium | CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD… | vulnerability | nvd | CVE-2026-22748 | | 2026-04-22 |
| medium | CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer… | vulnerability | nvd | CVE-2026-22747 | | 2026-04-22 |
| low | CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc… | vulnerability | nvd | CVE-2026-22746 | | 2026-04-22 |
| unknown | CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln… | vulnerability | nvd | CVE-2026-40451 | | 2026-04-22 |
| medium | CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated… | vulnerability | nvd | CVE-2026-6835 | | 2026-04-22 |
| medium | CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem… | vulnerability | nvd | CVE-2026-6834 | | 2026-04-22 |
| medium | CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta… | vulnerability | nvd | CVE-2026-6833 | | 2026-04-22 |
| low | CVE-2026-6416 — Tanium addressed an uncontrolled resource consumption vulnerability in Interact. | vulnerability | nvd | CVE-2026-6416 | | 2026-04-22 |
| low | CVE-2026-6408 — Tanium addressed an information disclosure vulnerability in Tanium Server. | vulnerability | nvd | CVE-2026-6408 | | 2026-04-22 |
| low | CVE-2026-6392 — Tanium addressed an information disclosure vulnerability in Threat Response. | vulnerability | nvd | CVE-2026-6392 | | 2026-04-22 |
| medium | CVE-2026-6386 — In order to apply a particular protection key to an address range, the kernel must update the corres… | vulnerability | nvd | CVE-2026-6386 | | 2026-04-22 |
| high | CVE-2026-5398 — The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c… | vulnerability | nvd | CVE-2026-5398 | | 2026-04-22 |
| unknown | CVE-2026-41458 — OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h… | vulnerability | nvd | CVE-2026-41458 | | 2026-04-22 |
| unknown | CVE-2026-41457 — OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi… | vulnerability | nvd | CVE-2026-41457 | | 2026-04-22 |
| unknown | CVE-2026-41146 — facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9… | vulnerability | nvd | CVE-2026-41146 | | 2026-04-22 |
| high | Same packet, different magic: Hits India's banking sector and Korea geopolitics | threat-intel | otx | 172.81.60.97 \| cc0ff7e25ea68617…, 5abac6560eeb77f7… | espionage, chm files, backdoor, south korea diplomacy, lotuslite, dll sideloading, india banking, javascript loader, botnet | 2026-04-22 |
| high | Mach-O Man Malware: What CISOs Need to Know | threat-intel | otx | 172.86.113.102 \| a73ce18952b40fd6… | mach-o man, browser stealing, pylangghostrat, social engineering, macos, mach-o binaries, telegram exfiltration, credential theft, clickfix, fintech targeting, apt, phishing | 2026-04-22 |
| unknown | CVE-2026-40344 — MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio… | vulnerability | nvd | CVE-2026-40344, CVE-2026-41145 | | 2026-04-22 |
| critical | CVE-2026-41304 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php`… | vulnerability | nvd | CVE-2026-41304 | botnet, rce | 2026-04-22 |
| low | CVE-2026-41144 — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde… | vulnerability | nvd | CVE-2026-41144 | rce | 2026-04-22 |
| medium | CVE-2026-41136 — free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source proj… | vulnerability | nvd | CVE-2026-41136 | | 2026-04-22 |
| high | CVE-2026-41135 — free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th gene… | vulnerability | nvd | CVE-2026-41135 | | 2026-04-22 |
| high | CVE-2026-41133 — pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.… | vulnerability | nvd | CVE-2026-41133 | | 2026-04-22 |
| medium | CVE-2026-41131 — OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec… | vulnerability | nvd | CVE-2026-41131 | | 2026-04-22 |
| unknown | CVE-2026-41130 — Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the… | vulnerability | nvd | CVE-2026-41130 | | 2026-04-22 |
| unknown | CVE-2026-41129 — Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.… | vulnerability | nvd | CVE-2026-41129 | | 2026-04-22 |
| unknown | CVE-2026-41128 — Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer… | vulnerability | nvd | CVE-2026-41128 | | 2026-04-22 |
| medium | CVE-2026-41127 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza… | vulnerability | nvd | CVE-2026-41127 | | 2026-04-22 |