| medium | CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions… | vulnerability | nvd | CVE-2026-35154 | | 2026-04-20 |
| critical | CVE-2026-30269 — Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their o… | vulnerability | nvd | CVE-2026-30269 | | 2026-04-20 |
| high | CVE-2026-30266 — Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attac… | vulnerability | nvd | CVE-2026-30266 | | 2026-04-20 |
| medium | CVE-2026-28684 — python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio… | vulnerability | nvd | CVE-2026-28684 | | 2026-04-20 |
| medium | CVE-2026-26942 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe… | vulnerability | nvd | CVE-2026-26942 | | 2026-04-20 |
| high | CVE-2026-25524 — Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative t… | vulnerability | nvd | CVE-2026-25524, CVE-2026-25525, CVE-2026-40098, CVE-2026-40488 | | 2026-04-20 |
| high | CVE-2026-24505 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera… | vulnerability | nvd | CVE-2026-24505 | | 2026-04-20 |
| medium | CVE-2026-22761 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A… | vulnerability | nvd | CVE-2026-22761 | | 2026-04-20 |
| medium | CVE-2025-66954 — A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or… | vulnerability | nvd | CVE-2025-66954 | | 2026-04-20 |
| critical | SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files | news | general-news | | rce | 2026-04-20 |
| medium | CVE-2026-6652 — A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate… | vulnerability | nvd | CVE-2026-6652 | | 2026-04-20 |
| low | CVE-2026-6651 — A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affe… | vulnerability | nvd | CVE-2026-6651 | | 2026-04-20 |
| medium | CVE-2026-6650 — A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file… | vulnerability | nvd | CVE-2026-6650 | | 2026-04-20 |
| high | CVE-2026-6066 — ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in th… | vulnerability | nvd | CVE-2026-6066 | | 2026-04-20 |
| medium | CVE-2026-41245 — Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnera… | vulnerability | nvd | CVE-2026-41245 | | 2026-04-20 |
| medium | CVE-2026-40896 — OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user w… | vulnerability | nvd | CVE-2026-40896 | | 2026-04-20 |
| unknown | CVE-2026-3219 — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is… | vulnerability | nvd | CVE-2026-3219 | | 2026-04-20 |
| critical | CVE-2026-39918 — Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where th… | vulnerability | nvd | CVE-2026-39918 | rce | 2026-04-20 |
| medium | CVE-2026-34429 — Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate… | vulnerability | nvd | CVE-2026-34429 | rce | 2026-04-20 |
| high | CVE-2026-34428 — Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy actio… | vulnerability | nvd | CVE-2026-34428 | | 2026-04-20 |
| high | CVE-2026-34427 — Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save… | vulnerability | nvd | CVE-2026-34427 | rce | 2026-04-20 |
| high | CVE-2026-26944 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through… | vulnerability | nvd | CVE-2026-26944, CVE-2026-24504, CVE-2026-24506, CVE-2026-26943, CVE-2026-26951 | | 2026-04-20 |
| high | CVE-2026-25058 — Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0… | vulnerability | nvd | CVE-2026-25058, CVE-2026-25883 | | 2026-04-20 |
| critical | CVE-2026-24467 — OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers… | vulnerability | nvd | CVE-2026-24467, CVE-2026-24468 | | 2026-04-20 |
| high | CVE-2026-23774 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions… | vulnerability | nvd | CVE-2026-23774 | | 2026-04-20 |
| high | ZionSiphon Malware Targets Water Infrastructure Systems | news | general-news | | ics | 2026-04-20 |
| unknown | Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection | news | general-news | | | 2026-04-20 |
| high | The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy | threat-intel | otx | fe1033335a045c69…, c9d004384de06bbc… | cobalt-strike, domain-compromise, the gentlemen, psexec, systembc, esxi-encryption, lateral-movement, cobalt strike, anydesk, ransomware-as-a-service, mimikatz, group-policy-deployment, ransomware, botnet | 2026-04-20 |
| unknown | WhatsApp Leaks User Metadata to Attackers | news | general-news | | | 2026-04-20 |
| medium | CVE-2026-6649 — A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality… | vulnerability | nvd | CVE-2026-6649 | | 2026-04-20 |
| unknown | CVE-2026-6369 — An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.… | vulnerability | nvd | CVE-2026-6369 | | 2026-04-20 |
| critical | CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file cont… | vulnerability | nvd | CVE-2026-5760 | rce | 2026-04-20 |
| high | CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an au… | vulnerability | nvd | CVE-2026-4048 | rce | 2026-04-20 |
| high | CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an a… | vulnerability | nvd | CVE-2026-3517, CVE-2026-3518, CVE-2026-3519 | rce | 2026-04-20 |
| medium | CVE-2026-33558 — Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component… | vulnerability | nvd | CVE-2026-33558 | | 2026-04-20 |
| critical | CVE-2026-33557 — A possible security vulnerability has been identified in Apache Kafka. By default, the broker proper… | vulnerability | nvd | CVE-2026-33557 | | 2026-04-20 |
| medium | CVE-2025-66335 — Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw… | vulnerability | nvd | CVE-2025-66335 | | 2026-04-20 |
| unknown | CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability | advisory | vendor-blogs | | | 2026-04-20 |
| unknown | CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-04-20 |
| critical | CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | advisory | vendor-blogs | | rce | 2026-04-20 |
| unknown | ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More | news | general-news | | | 2026-04-20 |
| medium | FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure | threat-intel | otx | | flowerstorm, iocs, cloudflare, phishing | 2026-04-20 |
| low | CVE-2026-6648 — A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionalit… | vulnerability | nvd | CVE-2026-6648 | | 2026-04-20 |
| high | Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet | news | general-news | | botnet | 2026-04-20 |
| medium | CVE-2026-6636 — A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affecte… | vulnerability | nvd | CVE-2026-6636 | | 2026-04-20 |
| high | CVE-2026-6635 — A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the fun… | vulnerability | nvd | CVE-2026-6635 | | 2026-04-20 |
| medium | CVE-2026-6634 — A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_acces… | vulnerability | nvd | CVE-2026-6634 | | 2026-04-20 |
| low | CVE-2026-6633 — A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function… | vulnerability | nvd | CVE-2026-6633 | | 2026-04-20 |
| unknown | CVE-2026-5958 — When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file(… | vulnerability | nvd | CVE-2026-5958 | | 2026-04-20 |
| high | Supply Chain Compromise Impacts Axios Node Package Manager | advisory | cisa-advisories | | phishing, botnet, supply-chain | 2026-04-20 |