| high | CVE-2026-6747 — Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140… | vulnerability | nvd | CVE-2026-6747 | | 2026-04-21 |
| high | CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef… | vulnerability | nvd | CVE-2026-6746 | | 2026-04-21 |
| high | CVE-2026-40520 — FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat… | vulnerability | nvd | CVE-2026-40520 | | 2026-04-21 |
| unknown | Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms | news | general-news | | | 2026-04-21 |
| unknown | NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs | news | general-news | | | 2026-04-21 |
| medium | [Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025 | advisory | vendor-blogs | | phishing | 2026-04-21 |
| unknown | CVE-2026-32147 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla… | vulnerability | nvd | CVE-2026-32147 | | 2026-04-21 |
| medium | Highly destructive Lotus Wiper used in a targeted attack | threat-intel | otx | c6d0f67db6a7dbf1… | destructive attack, targeted campaign, critical infrastructure, batch scripts, venezuela, disk wiping, lotus wiper, energy sector, ransomware | 2026-04-21 |
| high | Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories | threat-intel | otx | 166.88.4.2, 85.239.62.36, 23.27.20.143, 23.27.202.27, 23.27.120.142, 154.91.0.196, 198.105.127.210, 83.168.68.219; 834a92277f1bd82d…, a12957e7627cb19f… | dev#popper rat, omnistealer, git history tampering, vs code exploitation, worm propagation, supply chain attack, fake job interview, blockchain infrastructure, invisibleferret, repository poisoning, north korea, developer targeting, beavertail, ottercookie, supply-chain | 2026-04-21 |
| medium | Phishing and MFA exploitation: Targeting the keys to the kingdom | advisory | vendor-blogs | | phishing | 2026-04-21 |
| critical | Chinese APT Targets Indian Banks, Korean Policy Circles | news | general-news | | apt | 2026-04-21 |
| high | Siemens SCALANCE | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| high | Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| critical | Hardy Barth Salia EV Charge Controller | advisory | cisa-advisories, vendor-blogs | | ics, rce | 2026-04-21 |
| high | Silex Technology SD-330AC and AMC Manager | advisory | cisa-advisories, vendor-blogs | | phishing, ics, transport | 2026-04-21 |
| high | Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| high | Siemens Analytics Toolkit | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| high | Zero Motorcycles Firmware | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| high | SenseLive X3050 | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-04-21 |
| high | Siemens Industrial Edge Management | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| high | Siemens TPM 2.0 | advisory | cisa-advisories, vendor-blogs | | botnet, ics | 2026-04-21 |
| high | Siemens SINEC NMS | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-21 |
| critical | No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks | news | general-news | | zeroday, supply-chain | 2026-04-21 |
| unknown | CVE-2026-41039 — This vulnerability exists in Quantum Networks router due to improper access control and insecure def… | vulnerability | nvd | CVE-2026-41039 | | 2026-04-21 |
| unknown | CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p… | vulnerability | nvd | CVE-2026-41038 | | 2026-04-21 |
| unknown | Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution | news | general-news | | | 2026-04-21 |
| unknown | CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass… | vulnerability | nvd | CVE-2026-6553 | | 2026-04-21 |
| unknown | CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec… | vulnerability | nvd | CVE-2026-41037 | | 2026-04-21 |
| critical | CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied… | vulnerability | nvd | CVE-2026-41036 | rce | 2026-04-21 |
| unknown | CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner… | vulnerability | nvd | CVE-2026-3317 | | 2026-04-21 |
| high | CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows… | vulnerability | nvd | CVE-2026-39467 | | 2026-04-21 |
| unknown | Bad Apples: Weaponizing native macOS primitives for movement and execution | advisory | vendor-blogs | | | 2026-04-21 |
| unknown | CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req… | vulnerability | nvd | CVE-2025-13826 | | 2026-04-21 |
| unknown | Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool | news | general-news | | | 2026-04-21 |
| medium | Zero-Day Local Privilege Escalation Exploit | threat-intel | otx | 57a70c383feb9af6…, 7933bb74a2b3289e… | redsun, redsun.exe, microsoft defender, windows, zero-day, system access, privilege escalation, tieringengineservice, filesystem manipulation, zeroday | 2026-04-21 |
| unknown | CVE-2026-41254 | advisory | vendor-blogs | | | 2026-04-21 |
| medium | CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set… | vulnerability | nvd | CVE-2026-6712 | | 2026-04-21 |
| medium | CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't… | vulnerability | nvd | CVE-2026-6711 | | 2026-04-21 |
| medium | CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi… | vulnerability | nvd | CVE-2026-31370 | | 2026-04-21 |
| low | CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af… | vulnerability | nvd | CVE-2026-31369 | | 2026-04-21 |
| high | CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may… | vulnerability | nvd | CVE-2026-31368 | | 2026-04-21 |
| unknown | CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines | news | general-news | | | 2026-04-21 |
| critical | CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l… | vulnerability | nvd | CVE-2026-5965 | | 2026-04-21 |
| medium | CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una… | vulnerability | nvd | CVE-2026-6675, CVE-2026-6703 | | 2026-04-21 |
| medium | CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the… | vulnerability | nvd | CVE-2026-6674 | | 2026-04-21 |
| high | CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's… | vulnerability | nvd | CVE-2026-40497, CVE-2026-40565 | | 2026-04-21 |
| medium | CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of… | vulnerability | nvd | CVE-2026-6058 | | 2026-04-21 |
| critical | CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d… | vulnerability | nvd | CVE-2026-40496 | | 2026-04-21 |
| high | CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra… | vulnerability | nvd | CVE-2026-39973 | rce | 2026-04-21 |
| high | CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… | vulnerability | nvd | CVE-2026-39886, CVE-2026-40244, CVE-2026-40250 | | 2026-04-21 |