| medium | CVE-2026-41126 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th… | vulnerability | nvd | CVE-2026-41126 | | 2026-04-22 |
| critical | CVE-2026-41064 — WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi… | vulnerability | nvd | CVE-2026-41064 | | 2026-04-22 |
| critical | CVE-2026-40575 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0… | vulnerability | nvd | CVE-2026-40575, CVE-2026-41059 | | 2026-04-22 |
| medium | CVE-2026-40343 — free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generat… | vulnerability | nvd | CVE-2026-40343 | | 2026-04-22 |
| high | CVE-2026-33825 — Microsoft Defender Insufficient Granularity of Access Control Vulnerability | vulnerability | cisa-kev, otx | CVE-2026-33825; 78.29.48.29, 212.232.23.69; a2b6c7a9c4490df7… | undefend, beigeburrow, nightmare-eclipse, cve-2026-33825, redsun, windows defender bypass, bluehammer, fortigate vpn, privilege escalation | 2026-04-22 |
| unknown | CVE-2026-5921 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a… | vulnerability | nvd | CVE-2026-5921 | | 2026-04-21 |
| unknown | CVE-2026-5845 — An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu… | vulnerability | nvd | CVE-2026-5845 | | 2026-04-21 |
| unknown | CVE-2026-5512 — An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a… | vulnerability | nvd | CVE-2026-5512 | | 2026-04-21 |
| unknown | CVE-2026-4872 — Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | vulnerability | nvd | CVE-2026-4872, CVE-2026-4049, CVE-2026-31534, CVE-2026-6175 | | 2026-04-21 |
| unknown | CVE-2026-4821 — An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser… | vulnerability | nvd | CVE-2026-4821 | | 2026-04-21 |
| unknown | CVE-2026-4296 — An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe… | vulnerability | nvd | CVE-2026-4296 | | 2026-04-21 |
| medium | CVE-2026-41063 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in A… | vulnerability | nvd | CVE-2026-41063 | | 2026-04-21 |
| medium | CVE-2026-41062 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi… | vulnerability | nvd | CVE-2026-41062 | | 2026-04-21 |
| medium | CVE-2026-41061 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re… | vulnerability | nvd | CVE-2026-41061 | ransomware | 2026-04-21 |
| high | CVE-2026-41060 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func… | vulnerability | nvd | CVE-2026-41060 | | 2026-04-21 |
| high | CVE-2026-41058 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi… | vulnerability | nvd | CVE-2026-41058 | botnet | 2026-04-21 |
| high | CVE-2026-41057 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation… | vulnerability | nvd | CVE-2026-41057 | botnet | 2026-04-21 |
| high | CVE-2026-41056 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll… | vulnerability | nvd | CVE-2026-41056 | | 2026-04-21 |
| high | CVE-2026-41055 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in… | vulnerability | nvd | CVE-2026-41055 | | 2026-04-21 |
| medium | CVE-2026-40935 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a… | vulnerability | nvd | CVE-2026-40935 | | 2026-04-21 |
| medium | CVE-2026-40929 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso… | vulnerability | nvd | CVE-2026-40929 | ransomware | 2026-04-21 |
| medium | CVE-2026-40928 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo… | vulnerability | nvd | CVE-2026-40928 | | 2026-04-21 |
| high | CVE-2026-40926 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp… | vulnerability | nvd | CVE-2026-40926 | | 2026-04-21 |
| unknown | CVE-2026-3307 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att… | vulnerability | nvd | CVE-2026-3307 | | 2026-04-21 |
| high | CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t… | vulnerability | nvd | CVE-2026-6832 | | 2026-04-21 |
| low | CVE-2026-6830 — nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching… | vulnerability | nvd | CVE-2026-6830 | | 2026-04-21 |
| medium | CVE-2026-6829 — nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta… | vulnerability | nvd | CVE-2026-6829 | | 2026-04-21 |
| medium | CVE-2026-6799 — A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno… | vulnerability | nvd | CVE-2026-6799 | | 2026-04-21 |
| medium | CVE-2026-41527 — KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u… | vulnerability | nvd | CVE-2026-41527 | | 2026-04-21 |
| unknown | CVE-2026-40946 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider… | vulnerability | nvd | CVE-2026-40946 | | 2026-04-21 |
| unknown | CVE-2026-40945 — Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t… | vulnerability | nvd | CVE-2026-40945 | | 2026-04-21 |
| unknown | CVE-2026-40944 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in… | vulnerability | nvd | CVE-2026-40944 | | 2026-04-21 |
| unknown | CVE-2026-40943 — Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session… | vulnerability | nvd | CVE-2026-40943 | | 2026-04-21 |
| unknown | CVE-2026-40939 — The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F… | vulnerability | nvd | CVE-2026-40939, CVE-2026-40942 | | 2026-04-21 |
| critical | CVE-2026-40933 — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.… | vulnerability | nvd | CVE-2026-40933, CVE-2026-41137, CVE-2026-41138, CVE-2026-41264, CVE-2026-41265, CVE-2026-41266, CVE-2026-41267, CVE-2026-41268, CVE-2026-41269, CVE-2026-41270, CVE-2026-41271, CVE-2026-41272, CVE-2026-41273, CVE-2026-41275, CVE-2026-41276, CVE-2026-41277, CVE-2026-41278, CVE-2026-41279, CVE-2026-41274 | | 2026-04-21 |
| high | CVE-2026-40931 — Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo… | vulnerability | nvd | CVE-2026-40931 | | 2026-04-21 |
| high | CVE-2026-40706 — In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix… | vulnerability | nvd | CVE-2026-40706 | | 2026-04-21 |
| medium | CVE-2026-1354 — Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with th… | vulnerability | nvd | CVE-2026-1354 | | 2026-04-21 |
| high | CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil… | vulnerability | nvd | CVE-2026-6823 | | 2026-04-21 |
| medium | CVE-2026-6797 — A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability… | vulnerability | nvd | CVE-2026-6797 | | 2026-04-21 |
| medium | CVE-2026-6796 — A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l… | vulnerability | nvd | CVE-2026-6796 | | 2026-04-21 |
| medium | CVE-2026-40927 — Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving… | vulnerability | nvd | CVE-2026-40927 | | 2026-04-21 |
| high | CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda… | vulnerability | nvd | CVE-2026-40925 | | 2026-04-21 |
| medium | CVE-2026-40923 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to… | vulnerability | nvd | CVE-2026-40923, CVE-2026-40924 | | 2026-04-21 |
| critical | CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web… | vulnerability | nvd | CVE-2026-40911 | | 2026-04-21 |
| medium | CVE-2026-40910 — frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT… | vulnerability | nvd | CVE-2026-40910 | | 2026-04-21 |
| critical | CVE-2026-40906 — Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect… | vulnerability | nvd | CVE-2026-40906 | | 2026-04-21 |
| high | CVE-2026-40905 — LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin… | vulnerability | nvd | CVE-2026-40905 | | 2026-04-21 |
| high | CVE-2026-40895 — follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a… | vulnerability | nvd | CVE-2026-40895 | | 2026-04-21 |
| medium | CVE-2026-35252 — Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl… | vulnerability | nvd | CVE-2026-35252 | | 2026-04-21 |