| medium | Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers | news | general-news | | infostealer | 2026-04-24 |
| unknown | LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure | news | general-news | | | 2026-04-24 |
| critical | CVE-2026-1952 — Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | vulnerability | nvd | CVE-2026-1952 | | 2026-04-24 |
| critical | CVE-2026-1951 — Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnera… | vulnerability | nvd | CVE-2026-1951 | | 2026-04-24 |
| critical | CVE-2026-1950 — Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerabilit… | vulnerability | nvd | CVE-2026-1950 | | 2026-04-24 |
| medium | CVE-2026-6810 — The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Refer… | vulnerability | nvd | CVE-2026-6810 | | 2026-04-24 |
| medium | CVE-2026-5428 — The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ima… | vulnerability | nvd | CVE-2026-5428 | ransomware | 2026-04-24 |
| high | CVE-2026-5364 — The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil… | vulnerability | nvd | CVE-2026-5364 | rce | 2026-04-24 |
| medium | CVE-2026-5347 — The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to a… | vulnerability | nvd | CVE-2026-5347 | | 2026-04-24 |
| critical | CVE-2026-1949 — Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT re… | vulnerability | nvd | CVE-2026-1949 | | 2026-04-24 |
| unknown | Cybersecurity agencies flag use of covert networks by China-linked actors for espionage, offensive operations | advisory | vendor-blogs | | | 2026-04-24 |
| unknown | Cato traces large-scale Modbus/TCP activity targeting PLCs, exposing persistent gaps in OT security | advisory | vendor-blogs | | | 2026-04-24 |
| high | Dragos dismisses ZionSiphon narrative, says code flaws and weak ICS logic render OT malware operationally ineffective | advisory | vendor-blogs | | ics | 2026-04-24 |
| critical | AI is speeding up nation-state cyber programs | news | general-news | | ransomware | 2026-04-24 |
| medium | fast16 \| Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet | threat-intel | otx | e775049d1ecf68de…, f4dbbb78979c1ee8… | lua virtual machine, fast16, shadowbrokers, cyber sabotage, floating-point corruption | 2026-04-24 |
| medium | The AI Frame Campaign Continues | threat-intel | otx | | two-factor authentication, browser security, chrome extension, fraudulent paywall, credential theft, aiframe campaign, iframe injection, botnet | 2026-04-24 |
| high | CVE-2026-6947 — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al… | vulnerability | nvd | CVE-2026-6947 | | 2026-04-24 |
| medium | CVE-2026-6393 — The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and inc… | vulnerability | nvd | CVE-2026-6393 | | 2026-04-24 |
| medium | CVE-2026-5488 — The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Mi… | vulnerability | nvd | CVE-2026-5488 | | 2026-04-24 |
| high | CVE-2026-41324 — basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service… | vulnerability | nvd | CVE-2026-41324 | | 2026-04-24 |
| high | CVE-2026-41323 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1… | vulnerability | nvd | CVE-2026-41323, CVE-2026-41485 | | 2026-04-24 |
| medium | CVE-2026-41319 — MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injecti… | vulnerability | nvd | CVE-2026-41319 | | 2026-04-24 |
| medium | CVE-2026-41318 — AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe… | vulnerability | nvd | CVE-2026-41318 | | 2026-04-24 |
| high | CVE-2026-41068 — Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2… | vulnerability | nvd | CVE-2026-41068 | | 2026-04-24 |
| medium | CVE-2026-2028 — The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to in… | vulnerability | nvd | CVE-2026-2028 | | 2026-04-24 |
| unknown | CVE-2026-41317 — Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace… | vulnerability | nvd | CVE-2026-41317, CVE-2026-41430 | | 2026-04-24 |
| high | CVE-2026-41316 — ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) int… | vulnerability | nvd | CVE-2026-41316 | | 2026-04-24 |
| high | CVE-2026-41309 — Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versio… | vulnerability | nvd | CVE-2026-41309 | | 2026-04-24 |
| medium | CVE-2026-41305 — PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rul… | vulnerability | nvd | CVE-2026-41305 | | 2026-04-24 |
| medium | CVE-2026-40254 — FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an of… | vulnerability | nvd | CVE-2026-40254 | | 2026-04-24 |
| high | CVE-2026-33318 — Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (incl… | vulnerability | nvd | CVE-2026-33318 | | 2026-04-24 |
| high | CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r… | vulnerability | nvd | CVE-2026-33317, CVE-2026-33662 | | 2026-04-24 |
| unknown | CVE-2026-33078 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prio… | vulnerability | nvd | CVE-2026-33078 | | 2026-04-24 |
| medium | CVE-2026-32952 — go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0… | vulnerability | nvd | CVE-2026-32952 | | 2026-04-24 |
| unknown | CVE-2026-40099 — Kirby is an open-source content management system. Kirby's user permissions control which user role… | vulnerability | nvd | CVE-2026-40099, CVE-2026-41325 | | 2026-04-24 |
| unknown | CVE-2026-34587 — Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user p… | vulnerability | nvd | CVE-2026-34587 | | 2026-04-24 |
| unknown | CVE-2026-32870 — Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handlin… | vulnerability | nvd | CVE-2026-32870 | | 2026-04-24 |
| critical | Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia | news | general-news | | apt, botnet | 2026-04-24 |
| critical | Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets | news | general-news | | apt | 2026-04-24 |
| critical | CVE-2026-40630 — A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain… | vulnerability | nvd | CVE-2026-40630 | | 2026-04-24 |
| high | CVE-2026-40623 — A vulnerability in SenseLive X3050's web management interface allows critical system and network con… | vulnerability | nvd | CVE-2026-40623 | | 2026-04-24 |
| critical | CVE-2026-40620 — A vulnerability in SenseLive X3050’s embedded management service allows full administrative control… | vulnerability | nvd | CVE-2026-40620 | | 2026-04-24 |
| medium | CVE-2026-40431 — A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencryp… | vulnerability | nvd | CVE-2026-40431 | | 2026-04-24 |
| high | CVE-2026-39462 — A vulnerability exists in SenseLive X3050’s web management interface in which password updates are n… | vulnerability | nvd | CVE-2026-39462 | | 2026-04-24 |
| critical | CVE-2026-35503 — A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be perf… | vulnerability | nvd | CVE-2026-35503 | | 2026-04-24 |
| high | CVE-2026-35064 — A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deploy… | vulnerability | nvd | CVE-2026-35064 | | 2026-04-24 |
| high | CVE-2026-31952 — Xibo is an open source digital signage platform with a web content management system and Windows dis… | vulnerability | nvd | CVE-2026-31952, CVE-2026-31953, CVE-2026-31955, CVE-2026-31956 | ransomware | 2026-04-24 |
| medium | CVE-2026-29197 — In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end… | vulnerability | nvd | CVE-2026-29197 | | 2026-04-24 |
| medium | CVE-2026-29050 — melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a… | vulnerability | nvd | CVE-2026-29050, CVE-2026-29051 | | 2026-04-24 |
| critical | CVE-2026-27843 — A vulnerability exists in SenseLive X3050's web management interface that allows critical configurat… | vulnerability | nvd | CVE-2026-27843 | | 2026-04-24 |