| Severity | Title | Type | Source | CVE / IoCs | Tags | Date |
| --- | --- | --- | --- | --- | --- | --- |
| critical | CVE-2025-62373 — Pipecat is an open-source Python framework for building real-time voice and multimodal conversationa… | vulnerability | nvd | CVE-2025-62373 | rce | 2026-04-23 |
| critical | CVE-2025-50229 — Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. | vulnerability | nvd | CVE-2025-50229 | | 2026-04-23 |
| high | New Checkmarx supply-chain breach affects KICS analysis tool | news | general-news | | supply-chain | 2026-04-23 |
| high | CVE-2026-41461 — SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in t… | vulnerability | nvd | CVE-2026-41461 | | 2026-04-23 |
| critical | CVE-2026-41460 — SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/g… | vulnerability | nvd | CVE-2026-41460 | rce | 2026-04-23 |
| unknown | CVE-2026-35225 — An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS E… | vulnerability | nvd | CVE-2026-35225 | | 2026-04-23 |
| high | CVE-2025-70994 — Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism… | vulnerability | nvd | CVE-2025-70994 | ransomware | 2026-04-23 |
| unknown | UAT-4356's Targeting of Cisco Firepower Devices | advisory | vendor-blogs | | | 2026-04-23 |
| high | Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft | threat-intel | otx | f5390674f0f49fe8…, d611f824074a57e7… | trigona, ransomware-as-a-service, kernel driver abuse, wktools, stpprocessmonitorbyovd, malextractor, hrsword, dumpguard, gogra, ransomware | 2026-04-23 |
| high | GopherWhisper: A burrow full of malware | threat-intel | otx | 43.231.113.50 \| dd85e137e876a32e…, f4d4581704501e40… | gopherwhisper, laxgopher, ratgopher, boxoffriends, go-based backdoors, jabgopher, china-aligned apt, frienddelivery, apt, botnet | 2026-04-23 |
| critical | Analyzing a Full ClickFix Attack Chain - Part 1 | threat-intel | otx | | powershell, fileless execution, dropper, persistence mechanism, phishing, social engineering, clickfix, fake captcha | 2026-04-23 |
| unknown | Bad Memories Still Haunt AI Agents | news | general-news | | | 2026-04-23 |
| unknown | Cosmetics giant Rituals discloses data breach affecting customers | news | general-news | | | 2026-04-23 |
| high | DinDoor Backdoor: Deno Runtime Abuse and 20 Active C2 Servers | threat-intel | otx | 138.124.240.76, 138.124.240.77, 178.16.52.191, 185.218.19.117, 192.109.200.151, 193.233.82.43, 193.24.123.25, 194.48.141.192, 199.217.99.189, 199.91.220.142, 199.91.220.216, 2.26.117.169, 2.27.122.16, 209.99.189.170, 45.135.180.200, 45.151.106.88, 85.192.27.152 \| 7b793c54a927da36…, 6d56ec35c1bb1e44… | castleloader, deno runtime, caddy proxy, tsundere botnet, botnet | 2026-04-23 |
| medium | Regular Password Resets Aren’t as Safe as You Think | news | general-news | | phishing | 2026-04-23 |
| unknown | CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| critical | CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability | advisory | vendor-blogs | | rce | 2026-04-23 |
| unknown | CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| critical | CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability | advisory | vendor-blogs | | rce | 2026-04-23 |
| unknown | CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability | advisory | vendor-blogs | | | 2026-04-23 |
| high | Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign | news | general-news | | supply-chain | 2026-04-23 |
| high | ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories | news | general-news | | supply-chain | 2026-04-23 |
| critical | CVE-2026-39440 — Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFor… | vulnerability | nvd | CVE-2026-39440 | | 2026-04-23 |
| medium | CVE-2025-66286 — An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform… | vulnerability | nvd | CVE-2025-66286 | | 2026-04-23 |
| medium | CVE-2025-13763 — Multiple uses of uninitialized variables were found in libopensc that may lead to information disclo… | vulnerability | nvd | CVE-2025-13763 | | 2026-04-23 |
| unknown | Apple Fixes iOS Notification Bug Exposing Deleted Messages | news | general-news | | | 2026-04-23 |
| unknown | CVE-2026-31532 — In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after… | vulnerability | nvd | CVE-2026-31532 | | 2026-04-23 |
| unknown | CVE-2026-31531 — In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dyna… | vulnerability | nvd | CVE-2026-31531 | | 2026-04-23 |
| medium | CVE-2025-62110 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i… | vulnerability | nvd | CVE-2025-62110, CVE-2026-28040 | | 2026-04-23 |
| medium | CVE-2025-62104 — Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly C… | vulnerability | nvd | CVE-2025-62104 | | 2026-04-23 |
| unknown | [Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed | news | general-news | | | 2026-04-23 |
| high | Intrado 911 Emergency Gateway (EGW) | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-04-23 |
| high | SpiceJet Online Booking System | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-04-23 |
| critical | Milesight Cameras | advisory | cisa-advisories, vendor-blogs | | phishing, botnet, ics, rce | 2026-04-23 |
| critical | Defending Against China-Nexus Covert Networks of Compromised Devices | advisory | cisa-advisories | | ransomware, apt, botnet, supply-chain | 2026-04-23 |
| high | Yadea T5 Electric Bicycle | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-23 |
| critical | FIRESTARTER Backdoor | advisory | cisa-advisories | | apt, botnet | 2026-04-23 |
| critical | CISA Adds One Known Exploited Vulnerability to Catalog | advisory | cisa-advisories | | rce | 2026-04-23 |
| high | Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-04-23 |
| high | Carlson Software VASCO-B GNSS Receiver | advisory | cisa-advisories, vendor-blogs | | ics | 2026-04-23 |
| unknown | Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them? | news | general-news | | | 2026-04-23 |
| unknown | Cyber-Attacks Surge 63% Annually in Education Sector | news | general-news | | | 2026-04-23 |
| high | CVE-2026-6903 — The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in… | vulnerability | nvd | CVE-2026-6903 | | 2026-04-23 |
| critical | CVE-2026-6887 — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul… | vulnerability | nvd | CVE-2026-6887 | | 2026-04-23 |
| critical | CVE-2026-6886 — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication By… | vulnerability | nvd | CVE-2026-6886 | | 2026-04-23 |
| critical | CVE-2026-6885 — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U… | vulnerability | nvd | CVE-2026-6885 | | 2026-04-23 |
| high | CVE-2026-5464 — The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPr… | vulnerability | nvd | CVE-2026-5464 | rce | 2026-04-23 |