| critical | CVE-2026-6942 — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem… | vulnerability | nvd | CVE-2026-6942 | rce | 2026-04-23 |
| medium | CVE-2026-6941 — radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that al… | vulnerability | nvd | CVE-2026-6941 | | 2026-04-23 |
| high | CVE-2026-6940 — radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local… | vulnerability | nvd | CVE-2026-6940 | | 2026-04-23 |
| unknown | CVE-2026-6376 — A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be… | vulnerability | nvd | CVE-2026-6376 | | 2026-04-23 |
| unknown | CVE-2026-6375 — A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name recor… | vulnerability | nvd | CVE-2026-6375 | | 2026-04-23 |
| medium | CVE-2026-28525 — SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_mult… | vulnerability | nvd | CVE-2026-28525 | | 2026-04-23 |
| high | China-Backed Hackers Are Industrializing Botnets | news | general-news | | botnet | 2026-04-23 |
| unknown | US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied | news | general-news | | | 2026-04-23 |
| unknown | CVE-2026-25874 — LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeli… | vulnerability | nvd | CVE-2026-25874 | | 2026-04-23 |
| unknown | Dragos: Despite AI use, new malware targeting water plants is ‘hype’ | news | general-news | | | 2026-04-23 |
| medium | Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems | threat-intel | otx | 53d232e7a2670a6f…, 96c2ff1601099c21… | wallet-phishing, etherrat, stepdrainer, smart-contract-abuse, drainer-as-a-service, miolab, cryptocurrency, smart contract, stager api, maas, infostealer, crypto, phishing | 2026-04-23 |
| high | Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite | threat-intel | otx | de200b79ad2bd9db… | social engineering, cloud infrastructure abuse, browser extension, snowbelt, microsoft teams phishing, brickstorm, snowglaze, snowbasin, phishing | 2026-04-23 |
| critical | Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs | threat-intel | otx | | social engineering, irsf, sms fraud, click2sms, fake captcha, tds, phishing | 2026-04-23 |
| medium | Bitwarden CLI npm package compromised to steal developer credentials | news | general-news | | infostealer | 2026-04-23 |
| unknown | Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities | news | general-news | | | 2026-04-23 |
| unknown | CVE-2026-6074 — A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing ne… | vulnerability | nvd | CVE-2026-6074 | | 2026-04-23 |
| unknown | CVE-2026-41259 — Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16… | vulnerability | nvd | CVE-2026-41259 | | 2026-04-23 |
| unknown | CVE-2026-41247 — elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1… | vulnerability | nvd | CVE-2026-41247 | | 2026-04-23 |
| high | CVE-2026-41246 — Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.… | vulnerability | nvd | CVE-2026-41246 | | 2026-04-23 |
| high | CVE-2026-41241 — pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backen… | vulnerability | nvd | CVE-2026-41241 | ransomware | 2026-04-23 |
| medium | CVE-2026-41213 — @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchan… | vulnerability | nvd | CVE-2026-41213 | | 2026-04-23 |
| unknown | CVE-2026-41205 — Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln… | vulnerability | nvd | CVE-2026-41205 | | 2026-04-23 |
| medium | CVE-2026-41173 — The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from A… | vulnerability | nvd | CVE-2026-41173 | | 2026-04-23 |
| medium | CVE-2026-41078 — OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Expor… | vulnerability | nvd | CVE-2026-41078 | | 2026-04-23 |
| medium | CVE-2026-40894 — OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 an… | vulnerability | nvd | CVE-2026-40894 | | 2026-04-23 |
| high | CVE-2026-40886 — Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on… | vulnerability | nvd | CVE-2026-40886 | | 2026-04-23 |
| unknown | CVE-2026-33694 — This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files… | vulnerability | nvd | CVE-2026-33694 | | 2026-04-23 |
| critical | Trigona ransomware attacks use custom exfiltration tool to steal data | news | general-news | | ransomware | 2026-04-23 |
| high | CVE-2026-6921 — Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potenti… | vulnerability | nvd | CVE-2026-6921 | | 2026-04-23 |
| critical | CVE-2026-6920 — Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attac… | vulnerability | nvd | CVE-2026-6920 | | 2026-04-23 |
| critical | CVE-2026-6919 — Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who ha… | vulnerability | nvd | CVE-2026-6919 | | 2026-04-23 |
| unknown | CVE-2026-5039 — TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key… | vulnerability | nvd | CVE-2026-5039 | | 2026-04-23 |
| medium | CVE-2026-41909 — OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing… | vulnerability | nvd | CVE-2026-41909 | | 2026-04-23 |
| medium | CVE-2026-41908 — OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media r… | vulnerability | nvd | CVE-2026-41908 | | 2026-04-23 |
| medium | CVE-2026-40182 — OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting t… | vulnerability | nvd | CVE-2026-40182, CVE-2026-40891 | | 2026-04-23 |
| unknown | CVE-2026-31533 — In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -… | vulnerability | nvd | CVE-2026-31533 | | 2026-04-23 |
| critical | CVE-2026-31159 — An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex… | vulnerability | nvd | CVE-2026-31159, CVE-2026-31160, CVE-2026-31164, CVE-2026-31165, CVE-2026-31171, CVE-2026-31172, CVE-2026-31174, CVE-2026-31175, CVE-2026-31176, CVE-2026-31177, CVE-2026-31178, CVE-2026-31179, CVE-2026-31181, CVE-2026-31162, CVE-2026-31163, CVE-2026-31166, CVE-2026-31167, CVE-2026-31168, CVE-2026-31169, CVE-2026-31173 | | 2026-04-23 |
| medium | UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware | news | general-news | | phishing | 2026-04-23 |
| unknown | It pays to be a forever student | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-41240 — DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to… | vulnerability | nvd | CVE-2026-41240 | | 2026-04-23 |
| medium | CVE-2026-41239 — DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in versio… | vulnerability | nvd | CVE-2026-41239 | | 2026-04-23 |
| medium | CVE-2026-41238 — DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 thr… | vulnerability | nvd | CVE-2026-41238 | | 2026-04-23 |
| critical | CVE-2026-40472 — In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes… | vulnerability | nvd | CVE-2026-40472 | | 2026-04-23 |
| critical | CVE-2026-40471 — hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on… | vulnerability | nvd | CVE-2026-40471 | | 2026-04-23 |
| critical | CVE-2026-40470 — A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript fi… | vulnerability | nvd | CVE-2026-40470 | | 2026-04-23 |
| critical | CVE-2026-39087 — An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the pa… | vulnerability | nvd | CVE-2026-39087 | | 2026-04-23 |
| high | CVE-2026-34003 — A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could se… | vulnerability | nvd | CVE-2026-34003 | | 2026-04-23 |
| high | CVE-2026-34001 — A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence… | vulnerability | nvd | CVE-2026-34001 | | 2026-04-23 |
| high | CVE-2026-33999 — A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XK… | vulnerability | nvd | CVE-2026-33999 | | 2026-04-23 |
| critical | CVE-2026-23751 — Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected)… | vulnerability | nvd | CVE-2026-23751 | rce | 2026-04-23 |