| medium | CVE-2026-40690 — The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with… | vulnerability | nvd | CVE-2026-40690 | | 2026-04-24 |
| medium | CVE-2026-38743 — The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-… | vulnerability | nvd | CVE-2026-38743 | | 2026-04-24 |
| critical | CVE-2026-21515 — Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized… | vulnerability | nvd | CVE-2026-21515 | | 2026-04-24 |
| unknown | Users advised to drop passwords and make room for passkeys | news | general-news | | | 2026-04-24 |
| unknown | Indirect prompt injection is taking hold in the wild | news | general-news | | | 2026-04-24 |
| unknown | CVE-2026-6043 — P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed… | vulnerability | nvd | CVE-2026-6043 | | 2026-04-24 |
| unknown | CVE-2026-4313 — AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacke… | vulnerability | nvd | CVE-2026-4313 | | 2026-04-24 |
| high | CVE-2026-23902 — Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with sys… | vulnerability | nvd | CVE-2026-23902 | | 2026-04-24 |
| unknown | CISA Adds Four Known Exploited Vulnerabilities to Catalog | advisory | cisa-advisories | | | 2026-04-24 |
| unknown | 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases | news | general-news | | | 2026-04-24 |
| unknown | Microsoft now lets admins uninstall Copilot on enterprise devices | news | general-news | | | 2026-04-24 |
| unknown | US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor | news | general-news | | | 2026-04-24 |
| medium | CVE-2026-41043 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach… | vulnerability | nvd | CVE-2026-41043 | | 2026-04-24 |
| high | CVE-2026-40466 — Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i… | vulnerability | nvd | CVE-2026-40466, CVE-2026-41044 | | 2026-04-24 |
| medium | CVE-2025-62233 — Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue af… | vulnerability | nvd | CVE-2025-62233 | | 2026-04-24 |
| unknown | Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US | news | general-news | | | 2026-04-24 |
| high | Compromised everyday devices power Chinese cyber espionage operations | news | general-news | | botnet | 2026-04-24 |
| unknown | New Cisco firewall malware can only be killed by pulling the plug | news | general-news | | | 2026-04-24 |
| unknown | Vulnerabilities Patched in CrowdStrike, Tenable Products | news | general-news | | | 2026-04-24 |
| high | Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 | news | general-news | | botnet | 2026-04-24 |
| unknown | Meta is overhauling how you sign in, manage settings, and protect your accounts | news | general-news | | | 2026-04-24 |
| unknown | CVE-2026-6272 — A client holding only a read JWT scope can still register itself as a signal provider through the pr… | vulnerability | nvd | CVE-2026-6272 | | 2026-04-24 |
| high | CVE-2026-21728 — Tempo queries with large limits can cause large memory allocations which can impact the availability… | vulnerability | nvd | CVE-2026-21728 | | 2026-04-24 |
| unknown | CVE-2026-5958 Race Condition in GNU Sed | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31450 ext4: publish jinode after initialization | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31494 net: macb: use the current queue number for stats | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep() | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31448 ext4: avoid infinite loops caused by residual data | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table | advisory | vendor-blogs | | | 2026-04-24 |
| medium | CVE-2026-4078 — The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes… | vulnerability | nvd | CVE-2026-4078 | | 2026-04-24 |
| medium | CVE-2026-3569 — The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions u… | vulnerability | nvd | CVE-2026-3569 | | 2026-04-24 |
| medium | CVE-2026-3565 — The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a… | vulnerability | nvd | CVE-2026-3565 | | 2026-04-24 |
| medium | CVE-2025-11762 — The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Se… | vulnerability | nvd | CVE-2025-11762 | | 2026-04-24 |
| high | Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation | news | general-news | | supply-chain | 2026-04-24 |
| high | Bitwarden NPM Package Hit in Supply Chain Attack | news | general-news | | supply-chain | 2026-04-24 |
| unknown | CVE-2026-41988 | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-41989 | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv() | advisory | vendor-blogs | | | 2026-04-24 |