| medium | CVE-2026-22003 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co… | vulnerability | nvd | CVE-2026-22003 | | 2026-04-21 |
| medium | CVE-2026-22001 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). S… | vulnerability | nvd | CVE-2026-22001, CVE-2026-22015 | | 2026-04-21 |
| medium | CVE-2026-21999 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are a… | vulnerability | nvd | CVE-2026-21999 | | 2026-04-21 |
| medium | CVE-2026-21998 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported… | vulnerability | nvd | CVE-2026-21998, CVE-2026-22002, CVE-2026-22005, CVE-2026-22009, CVE-2026-22017, CVE-2026-34267, CVE-2026-34272, CVE-2026-34278, CVE-2026-34303, CVE-2026-35240 | | 2026-04-21 |
| high | CVE-2026-21997 — Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application… | vulnerability | nvd | CVE-2026-21997 | | 2026-04-21 |
| high | CVE-2025-70420 — A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at… | vulnerability | nvd | CVE-2025-70420 | | 2026-04-21 |
| critical | Ransomware Negotiator Pleads Guilty to BlackCat Scheme | news | general-news | | ransomware | 2026-04-21 |
| high | CVE-2026-6819 — HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i… | vulnerability | nvd | CVE-2026-6819 | | 2026-04-21 |
| medium | CVE-2026-41320 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an… | vulnerability | nvd | CVE-2026-41320 | | 2026-04-21 |
| high | CVE-2026-40909 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (… | vulnerability | nvd | CVE-2026-40909 | botnet, rce | 2026-04-21 |
| medium | CVE-2026-40908 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at… | vulnerability | nvd | CVE-2026-40908 | | 2026-04-21 |
| medium | CVE-2026-40907 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/… | vulnerability | nvd | CVE-2026-40907 | | 2026-04-21 |
| critical | CVE-2026-40903 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil… | vulnerability | nvd | CVE-2026-40903 | | 2026-04-21 |
| high | CVE-2026-40890 — The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering… | vulnerability | nvd | CVE-2026-40890 | | 2026-04-21 |
| medium | CVE-2026-40889 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an… | vulnerability | nvd | CVE-2026-40889 | | 2026-04-21 |
| unknown | CVE-2026-40888 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an… | vulnerability | nvd | CVE-2026-40888 | | 2026-04-21 |
| critical | CVE-2026-40887 — Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version… | vulnerability | nvd | CVE-2026-40887 | | 2026-04-21 |
| critical | CVE-2026-40885 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based… | vulnerability | nvd | CVE-2026-40885 | ransomware | 2026-04-21 |
| critical | CVE-2026-40884 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat… | vulnerability | nvd | CVE-2026-40884 | | 2026-04-21 |
| unknown | CVE-2026-40883 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross… | vulnerability | nvd | CVE-2026-40883 | | 2026-04-21 |
| unknown | CVE-2026-40881 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers… | vulnerability | nvd | CVE-2026-40881 | | 2026-04-21 |
| unknown | CVE-2026-40880 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve… | vulnerability | nvd | CVE-2026-40880 | | 2026-04-21 |
| high | CVE-2026-40879 — Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a… | vulnerability | nvd | CVE-2026-40879 | | 2026-04-21 |
| high | CVE-2026-40876 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape… | vulnerability | nvd | CVE-2026-40876 | | 2026-04-21 |
| unknown | CVE-2026-40872 — mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20… | vulnerability | nvd | CVE-2026-40872, CVE-2026-40873, CVE-2026-40874, CVE-2026-40875, CVE-2026-40878 | | 2026-04-21 |
| high | CVE-2026-40871 — mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-… | vulnerability | nvd | CVE-2026-40871 | | 2026-04-21 |
| high | CVE-2026-40870 — Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30… | vulnerability | nvd | CVE-2026-40870 | | 2026-04-21 |
| high | CVE-2026-40869 — Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3… | vulnerability | nvd | CVE-2026-40869 | | 2026-04-21 |
| critical | CVE-2026-40372 — Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to… | vulnerability | nvd | CVE-2026-40372 | | 2026-04-21 |
| high | CVE-2026-33813 — Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. | vulnerability | nvd | CVE-2026-33813 | | 2026-04-21 |
| medium | CVE-2026-33812 — Parsing a malicious font file can cause excessive memory allocation. | vulnerability | nvd | CVE-2026-33812 | | 2026-04-21 |
| low | CVE-2026-6745 — A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown… | vulnerability | nvd | CVE-2026-6745 | | 2026-04-21 |
| medium | CVE-2026-6744 — A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do… | vulnerability | nvd | CVE-2026-6744 | | 2026-04-21 |
| unknown | CVE-2026-41456 — Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se… | vulnerability | nvd | CVE-2026-41456 | | 2026-04-21 |
| high | CVE-2026-40868 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky… | vulnerability | nvd | CVE-2026-40868 | | 2026-04-21 |
| unknown | CVE-2026-40867 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access… | vulnerability | nvd | CVE-2026-40867 | | 2026-04-21 |
| unknown | CVE-2026-40865 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir… | vulnerability | nvd | CVE-2026-40865, CVE-2026-40866 | | 2026-04-21 |
| critical | CVE-2026-40614 — PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier,… | vulnerability | nvd | CVE-2026-40614, CVE-2026-40892, CVE-2026-41415, CVE-2026-41416 | | 2026-04-21 |
| high | CVE-2026-40613 — Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN… | vulnerability | nvd | CVE-2026-40613 | | 2026-04-21 |
| medium | CVE-2026-22751 — Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login… | vulnerability | nvd | CVE-2026-22751 | | 2026-04-21 |
| unknown | Exploits Turn Windows Defender Into Attacker Tool | news | general-news | | | 2026-04-21 |
| critical | SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation | news | general-news | | ransomware, botnet | 2026-04-21 |
| medium | CVE-2026-41194 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox… | vulnerability | nvd | CVE-2026-41194 | | 2026-04-21 |
| critical | CVE-2026-41193 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's… | vulnerability | nvd | CVE-2026-41193 | | 2026-04-21 |
| high | CVE-2026-41192 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an… | vulnerability | nvd | CVE-2026-41192 | ransomware | 2026-04-21 |
| high | CVE-2026-40611 — Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha… | vulnerability | nvd | CVE-2026-40611 | | 2026-04-21 |
| medium | CVE-2026-40608 — Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams.… | vulnerability | nvd | CVE-2026-40608 | | 2026-04-21 |
| medium | CVE-2026-40606 — mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software… | vulnerability | nvd | CVE-2026-40606 | | 2026-04-21 |
| medium | CVE-2026-40602 — The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t… | vulnerability | nvd | CVE-2026-40602 | | 2026-04-21 |
| high | CVE-2026-40599 — ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.… | vulnerability | nvd | CVE-2026-40599, CVE-2026-40604 | | 2026-04-21 |