| Severity | Title | Type | Source | CVE IDs | Tags | Date |
|---|---|---|---|---|---|---|
| medium | CVE-2026-35588 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassand… | vulnerability | nvd | CVE-2026-35588 | | 2026-04-21 |
| high | CVE-2026-35587 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Si… | vulnerability | nvd | CVE-2026-35587 | | 2026-04-21 |
| high | CVE-2026-35570 — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers… | vulnerability | nvd | CVE-2026-35570 | | 2026-04-21 |
| medium | CVE-2026-34839 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances… | vulnerability | nvd | CVE-2026-34839 | | 2026-04-21 |
| medium | CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress i… | vulnerability | nvd | CVE-2026-5721 | | 2026-04-20 |
| medium | CVE-2026-34082 — Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/ap… | vulnerability | nvd | CVE-2026-34082 | | 2026-04-20 |
| medium | CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that… | vulnerability | nvd | CVE-2026-6729 | | 2026-04-20 |
| high | CVE-2026-29643 — XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21… | vulnerability | nvd | CVE-2026-29643, CVE-2026-29644 | botnet | 2026-04-20 |
| unknown | CVE-2026-22051 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible… | vulnerability | nvd | CVE-2026-22051 | | 2026-04-20 |
| medium | CVE-2026-0930 — Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request.… | vulnerability | nvd | CVE-2026-0930 | | 2026-04-20 |
| high | CVE-2026-5928 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h… | vulnerability | nvd | CVE-2026-5928 | | 2026-04-20 |
| critical | CVE-2026-5450 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library ver… | vulnerability | nvd | CVE-2026-5450 | | 2026-04-20 |
| unknown | CVE-2026-5358 — Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered… | vulnerability | nvd | CVE-2026-5358 | | 2026-04-20 |
| medium | CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable t… | vulnerability | nvd | CVE-2026-4852 | | 2026-04-20 |
| high | CVE-2026-34403 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end… | vulnerability | nvd | CVE-2026-34403 | | 2026-04-20 |
| high | CVE-2026-33626 — LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior… | vulnerability | nvd | CVE-2026-33626 | | 2026-04-20 |
| critical | CVE-2026-33432 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions u… | vulnerability | nvd | CVE-2026-33432 | | 2026-04-20 |
| medium | CVE-2026-33431 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers… | vulnerability | nvd | CVE-2026-33431, CVE-2026-33076, CVE-2026-33077, CVE-2026-33208 | | 2026-04-20 |
| high | CVE-2026-33031 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di… | vulnerability | nvd | CVE-2026-33031 | | 2026-04-20 |
| critical | CVE-2026-32613 — Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services… | vulnerability | nvd | CVE-2026-32613 | | 2026-04-20 |
| critical | CVE-2026-32604 — Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0… | vulnerability | nvd | CVE-2026-32604 | | 2026-04-20 |
| high | CVE-2026-29648 — In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restr… | vulnerability | nvd | CVE-2026-29648 | | 2026-04-20 |
| medium | CVE-2026-29647 — In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to… | vulnerability | nvd | CVE-2026-29647 | | 2026-04-20 |
| critical | CVE-2026-29646 — In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-m… | vulnerability | nvd | CVE-2026-29646 | | 2026-04-20 |
| high | CVE-2026-29642 — A local attacker who can execute privileged CSR operations (or can induce firmware to do so) perform… | vulnerability | nvd | CVE-2026-29642 | | 2026-04-20 |
| unknown | Vercel Employee's AI Tool Access Led to Data Breach | news | general-news | | | 2026-04-20 |
| unknown | Serial-to-IP Devices Hide Thousands of Old & New Bugs | news | general-news | | | 2026-04-20 |
| medium | Abusing OAuth Device Code Flow | threat-intel | otx | | persistent access, microsoft entra id, device code flow, graph api, oauth, phishing, credential theft, token hijacking | 2026-04-20 |
| medium | CVE-2026-6550 — Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor… | vulnerability | nvd | CVE-2026-6550 | | 2026-04-20 |
| critical | CVE-2026-6257 — Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionalit… | vulnerability | nvd | CVE-2026-6257 | rce | 2026-04-20 |
| high | CVE-2026-6249 — Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allo… | vulnerability | nvd | CVE-2026-6249 | rce | 2026-04-20 |
| high | CVE-2026-5478 — The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all vers… | vulnerability | nvd | CVE-2026-5478 | | 2026-04-20 |
| critical | CVE-2026-32311 — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr… | vulnerability | nvd | CVE-2026-32311 | | 2026-04-20 |
| high | CVE-2026-32135 — NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have… | vulnerability | nvd | CVE-2026-32135 | | 2026-04-20 |
| critical | CVE-2026-29649 — NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/… | vulnerability | nvd | CVE-2026-29649 | | 2026-04-20 |
| high | CVE-2026-29645 — NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its… | vulnerability | nvd | CVE-2026-29645 | | 2026-04-20 |
| high | CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and… | vulnerability | nvd | CVE-2026-6248 | rce | 2026-04-20 |
| medium | CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource cons… | vulnerability | nvd | CVE-2026-6060 | | 2026-04-20 |
| unknown | CVE-2025-11249 — Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414. | vulnerability | nvd | CVE-2025-11249 | | 2026-04-20 |
| medium | CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result me… | vulnerability | nvd | CVE-2026-41389 | | 2026-04-20 |
| medium | CVE-2026-39112 — Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Manage… | vulnerability | nvd | CVE-2026-39112 | | 2026-04-20 |
| critical | CVE-2026-39109 — SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management Sy… | vulnerability | nvd | CVE-2026-39109, CVE-2026-39110, CVE-2026-39111 | | 2026-04-20 |
| medium | CVE-2026-26399 — A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The… | vulnerability | nvd | CVE-2026-26399 | | 2026-04-20 |
| unknown | CVE-2026-23758 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subjec… | vulnerability | nvd | CVE-2026-23758 | | 2026-04-20 |
| medium | CVE-2026-23757 — GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports modu… | vulnerability | nvd | CVE-2026-23757 | | 2026-04-20 |
| medium | CVE-2026-23756 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshoote… | vulnerability | nvd | CVE-2026-23756 | | 2026-04-20 |
| medium | CVE-2026-23753 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language mana… | vulnerability | nvd | CVE-2026-23753 | | 2026-04-20 |
| medium | CVE-2026-23752 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template grou… | vulnerability | nvd | CVE-2026-23752 | | 2026-04-20 |
| high | CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function… | vulnerability | nvd | CVE-2026-6662 | | 2026-04-20 |
| high | CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc()… | vulnerability | nvd | CVE-2026-41445 | | 2026-04-20 |