| medium |
CVE-2026-40594 — pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set… |
vulnerability |
nvd |
CVE-2026-40594 |
|
2026-04-21 |
| high |
CVE-2026-40588 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at… |
vulnerability |
nvd |
CVE-2026-40588 |
|
2026-04-21 |
| medium |
CVE-2026-40587 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa… |
vulnerability |
nvd |
CVE-2026-40587 |
|
2026-04-21 |
| low |
CVE-2026-6743 — A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the… |
vulnerability |
nvd |
CVE-2026-6743 |
|
2026-04-21 |
| critical |
CVE-2026-5652 — An insecure direct object reference vulnerability in the Users API component of Crafty Controller al… |
vulnerability |
nvd |
CVE-2026-5652 |
|
2026-04-21 |
| high |
CVE-2026-41191 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo… |
vulnerability |
nvd |
CVE-2026-41191 |
|
2026-04-21 |
| high |
CVE-2026-41190 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH… |
vulnerability |
nvd |
CVE-2026-41190 |
|
2026-04-21 |
| high |
CVE-2026-41189 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr… |
vulnerability |
nvd |
CVE-2026-41189 |
|
2026-04-21 |
| medium |
CVE-2026-41183 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned… |
vulnerability |
nvd |
CVE-2026-41183 |
|
2026-04-21 |
| medium |
CVE-2026-40592 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen… |
vulnerability |
nvd |
CVE-2026-40592 |
|
2026-04-21 |
| high |
CVE-2026-40591 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co… |
vulnerability |
nvd |
CVE-2026-40591 |
|
2026-04-21 |
| medium |
CVE-2026-40590 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C… |
vulnerability |
nvd |
CVE-2026-40590 |
|
2026-04-21 |
| high |
CVE-2026-40589 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil… |
vulnerability |
nvd |
CVE-2026-40589 |
|
2026-04-21 |
| high |
CVE-2026-40586 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo… |
vulnerability |
nvd |
CVE-2026-40586 |
|
2026-04-21 |
| high |
CVE-2026-40585 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini… |
vulnerability |
nvd |
CVE-2026-40585 |
|
2026-04-21 |
| critical |
CVE-2026-40584 — RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.… |
vulnerability |
nvd |
CVE-2026-40584 |
ransomware |
2026-04-21 |
| unknown |
CVE-2026-40583 — UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit… |
vulnerability |
nvd |
CVE-2026-40583 |
|
2026-04-21 |
| critical |
CVE-2026-40576 — excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu… |
vulnerability |
nvd |
CVE-2026-40576 |
|
2026-04-21 |
| medium |
CVE-2026-40574 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2… |
vulnerability |
nvd |
CVE-2026-40574 |
|
2026-04-21 |
| unknown |
CVE-2026-40570 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu… |
vulnerability |
nvd |
CVE-2026-40570 |
|
2026-04-21 |
| critical |
CVE-2026-40569 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass… |
vulnerability |
nvd |
CVE-2026-40569 |
ransomware, phishing |
2026-04-21 |
| high |
CVE-2026-40568 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store… |
vulnerability |
nvd |
CVE-2026-40568 |
phishing |
2026-04-21 |
| medium |
CVE-2026-40566 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve… |
vulnerability |
nvd |
CVE-2026-40566 |
|
2026-04-21 |
| low |
CVE-2026-40279 — BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,… |
vulnerability |
nvd |
CVE-2026-40279, CVE-2026-41475, CVE-2026-41502, CVE-2026-41503 |
|
2026-04-21 |
| high |
CVE-2026-40161 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.… |
vulnerability |
nvd |
CVE-2026-40161, CVE-2026-40938 |
|
2026-04-21 |
| critical |
CVE-2026-40050 — CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne… |
vulnerability |
nvd |
CVE-2026-40050 |
|
2026-04-21 |
| critical |
CVE-2026-38835 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB… |
vulnerability |
nvd |
CVE-2026-38835 |
|
2026-04-21 |
| high |
CVE-2026-38834 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac… |
vulnerability |
nvd |
CVE-2026-38834 |
|
2026-04-21 |
| medium |
CVE-2026-35451 — Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi… |
vulnerability |
nvd |
CVE-2026-35451 |
|
2026-04-21 |
| medium |
CVE-2026-30452 — Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste… |
vulnerability |
nvd |
CVE-2026-30452 |
|
2026-04-21 |
| low |
CVE-2026-29179 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai… |
vulnerability |
nvd |
CVE-2026-29179 |
|
2026-04-21 |
| low |
CVE-2026-27937 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect… |
vulnerability |
nvd |
CVE-2026-27937 |
|
2026-04-21 |
| medium |
CVE-2026-26274 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera… |
vulnerability |
nvd |
CVE-2026-26274 |
|
2026-04-21 |
| medium |
CVE-2026-26067 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-… |
vulnerability |
nvd |
CVE-2026-26067 |
|
2026-04-21 |
| medium |
CVE-2026-25542 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43… |
vulnerability |
nvd |
CVE-2026-25542 |
|
2026-04-21 |
| high |
CVE-2026-24189 — NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause… |
vulnerability |
nvd |
CVE-2026-24189 |
|
2026-04-21 |
| high |
CVE-2026-24177 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a… |
vulnerability |
nvd |
CVE-2026-24177 |
|
2026-04-21 |
| medium |
CVE-2026-24176 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t… |
vulnerability |
nvd |
CVE-2026-24176 |
|
2026-04-21 |
| critical |
CVE-2026-21571 — This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0,… |
vulnerability |
nvd |
CVE-2026-21571 |
rce |
2026-04-21 |
| medium |
New NGate variant hides in a trojanized NFC payment app |
threat-intel |
otx |
108.165.230.223 | 6e3eea7fb31b8e81…, d142bb04f32a50db… |
handypay trojanization, brazil targeting, ngate, fake lottery, nfc relay, ai-generated code, pin theft, phantomcard, payment card fraud, ransomware, botnet |
2026-04-21 |
| critical |
CVE-2026-40498 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent… |
vulnerability |
nvd |
CVE-2026-40498, CVE-2026-40567 |
|
2026-04-21 |
| high |
CVE-2026-37748 — Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm… |
vulnerability |
nvd |
CVE-2026-37748 |
rce |
2026-04-21 |
| unknown |
CVE-2025-41029 — SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at… |
vulnerability |
nvd |
CVE-2025-41029 |
|
2026-04-21 |
| unknown |
CVE-2025-41011 — HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re… |
vulnerability |
nvd |
CVE-2025-41011 |
|
2026-04-21 |
| critical |
CVE-2025-15638 — Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropb… |
vulnerability |
nvd |
CVE-2025-15638 |
|
2026-04-21 |
| unknown |
Trojanized Android App Fuels New Wave of NFC Fraud |
news |
general-news |
|
|
2026-04-21 |
| unknown |
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters |
news |
general-news |
|
|
2026-04-21 |
| critical |
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk |
news |
general-news |
|
ransomware, rce, supply-chain |
2026-04-21 |
| high |
CVE-2026-5789 — Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca… |
vulnerability |
nvd |
CVE-2026-5789 |
|
2026-04-21 |
| unknown |
CVE-2026-3298 — The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a bounda… |
vulnerability |
nvd |
CVE-2026-3298 |
|
2026-04-21 |