| unknown |
CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p… |
vulnerability |
nvd |
CVE-2026-41038 |
|
2026-04-21 |
| unknown |
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution |
news |
general-news |
|
|
2026-04-21 |
| unknown |
CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass… |
vulnerability |
nvd |
CVE-2026-6553 |
|
2026-04-21 |
| unknown |
CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec… |
vulnerability |
nvd |
CVE-2026-41037 |
|
2026-04-21 |
| critical |
CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied… |
vulnerability |
nvd |
CVE-2026-41036 |
rce |
2026-04-21 |
| unknown |
CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner… |
vulnerability |
nvd |
CVE-2026-3317 |
|
2026-04-21 |
| high |
CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows… |
vulnerability |
nvd |
CVE-2026-39467 |
|
2026-04-21 |
| unknown |
Bad Apples: Weaponizing native macOS primitives for movement and execution |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| unknown |
CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req… |
vulnerability |
nvd |
CVE-2025-13826 |
|
2026-04-21 |
| unknown |
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool |
news |
general-news |
|
|
2026-04-21 |
| medium |
Zero-Day Local Privilege Escalation Exploit |
threat-intel |
otx |
57a70c383feb9af6…, 7933bb74a2b3289e… |
redsun, redsun.exe, microsoft defender, windows, zero-day, system access, privilege escalation, tieringengineservice, filesystem manipulation, zeroday |
2026-04-21 |
| unknown |
CVE-2026-41254 |
advisory |
vendor-blogs |
|
|
2026-04-21 |
| medium |
CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set… |
vulnerability |
nvd |
CVE-2026-6712 |
|
2026-04-21 |
| medium |
CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't… |
vulnerability |
nvd |
CVE-2026-6711 |
|
2026-04-21 |
| medium |
CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi… |
vulnerability |
nvd |
CVE-2026-31370 |
|
2026-04-21 |
| low |
CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af… |
vulnerability |
nvd |
CVE-2026-31369 |
|
2026-04-21 |
| high |
CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may… |
vulnerability |
nvd |
CVE-2026-31368 |
|
2026-04-21 |
| unknown |
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines |
news |
general-news |
|
|
2026-04-21 |
| critical |
CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l… |
vulnerability |
nvd |
CVE-2026-5965 |
|
2026-04-21 |
| medium |
CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una… |
vulnerability |
nvd |
CVE-2026-6675, CVE-2026-6703 |
|
2026-04-21 |
| medium |
CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the… |
vulnerability |
nvd |
CVE-2026-6674 |
|
2026-04-21 |
| high |
CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's… |
vulnerability |
nvd |
CVE-2026-40497, CVE-2026-40565 |
|
2026-04-21 |
| medium |
CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of… |
vulnerability |
nvd |
CVE-2026-6058 |
|
2026-04-21 |
| critical |
CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d… |
vulnerability |
nvd |
CVE-2026-40496 |
|
2026-04-21 |
| high |
CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra… |
vulnerability |
nvd |
CVE-2026-39973 |
rce |
2026-04-21 |
| high |
CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… |
vulnerability |
nvd |
CVE-2026-39886, CVE-2026-40244, CVE-2026-40250 |
|
2026-04-21 |
| high |
CVE-2026-39866 — Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a392144525284… |
vulnerability |
nvd |
CVE-2026-39866 |
|
2026-04-21 |
| medium |
macOS ClickFix Campaign: AppleScript Stealers & New Terminal Protections |
threat-intel |
otx |
172.94.9.250 | c07a15640065580e…, e12285f507c847b9…
clickfix, macos, session hijacking, credential harvesting, cryptocurrency wallet theft, applescript, social engineering, browser data exfiltration, infostealer, phishing |
2026-04-21 |
| low |
CVE-2026-40264 — OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide mul… |
vulnerability |
nvd |
CVE-2026-40264 |
|
2026-04-21 |
| medium |
CVE-2026-39946 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when Ope… |
vulnerability |
nvd |
CVE-2026-39946 |
|
2026-04-21 |
| critical |
CVE-2026-39861 — Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not preven… |
vulnerability |
nvd |
CVE-2026-39861 |
|
2026-04-21 |
| low |
CVE-2026-39396 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `Extract… |
vulnerability |
nvd |
CVE-2026-39396 |
|
2026-04-21 |
| low |
CVE-2026-39388 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao'… |
vulnerability |
nvd |
CVE-2026-39388 |
|
2026-04-21 |
| high |
CVE-2026-39386 — Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 throug… |
vulnerability |
nvd |
CVE-2026-39386 |
|
2026-04-21 |
| medium |
CVE-2026-39377 — The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja… |
vulnerability |
nvd |
CVE-2026-39377, CVE-2026-39378 |
|
2026-04-21 |
| high |
CVE-2026-39320 — Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25… |
vulnerability |
nvd |
CVE-2026-39320 |
|
2026-04-21 |
| medium |
CVE-2026-41331 — OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight… |
vulnerability |
nvd |
CVE-2026-41331 |
|
2026-04-21 |
| medium |
CVE-2026-41330 — OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec polic… |
vulnerability |
nvd |
CVE-2026-41330 |
|
2026-04-21 |
| critical |
CVE-2026-41329 — OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate pri… |
vulnerability |
nvd |
CVE-2026-41329 |
|
2026-04-21 |
| high |
CVE-2026-41303 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval co… |
vulnerability |
nvd |
CVE-2026-41303 |
|
2026-04-21 |
| medium |
CVE-2026-41301 — OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability i… |
vulnerability |
nvd |
CVE-2026-41301 |
|
2026-04-21 |
| medium |
CVE-2026-41300 — OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered… |
vulnerability |
nvd |
CVE-2026-41300 |
|
2026-04-21 |
| high |
CVE-2026-41299 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway me… |
vulnerability |
nvd |
CVE-2026-41299 |
|
2026-04-21 |
| medium |
CVE-2026-41298 — OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoi… |
vulnerability |
nvd |
CVE-2026-41298 |
|
2026-04-21 |
| high |
CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace pl… |
vulnerability |
nvd |
CVE-2026-41297, CVE-2026-41302 |
|
2026-04-21 |
| high |
CVE-2026-41296 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesyst… |
vulnerability |
nvd |
CVE-2026-41296 |
|
2026-04-21 |
| high |
CVE-2026-41295 — OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted worksp… |
vulnerability |
nvd |
CVE-2026-41295 |
|
2026-04-21 |
| high |
CVE-2026-41294 — OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir con… |
vulnerability |
nvd |
CVE-2026-41294 |
|
2026-04-21 |
| medium |
CVE-2026-41285 — In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted… |
vulnerability |
nvd |
CVE-2026-41285 |
|
2026-04-21 |
| medium |
CVE-2026-40045 — OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored… |
vulnerability |
nvd |
CVE-2026-40045 |
|
2026-04-21 |