| critical | CVE-2026-3960 — A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I… | vulnerability | nvd | CVE-2026-3960 | rce | 2026-04-23 |
| unknown | CVE-2026-3259 — A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized Vie… | vulnerability | nvd | CVE-2026-3259 | | 2026-04-23 |
| unknown | ENISA updates NCAF 2.0 to help governments measure and close cybersecurity gaps, push cyber maturity benchmarking | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | UK NCSC details cross domain model to secure data flows across trust boundaries, prescribes six design principles | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | Anthropic’s Mythos signals new era of autonomous cyber threats, raising stakes for AI governance and cyber resilience | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | 'Zealot' Shows What AI's Capable of in Staged Cloud Attack | news | general-news | | | 2026-04-23 |
| unknown | Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents | news | general-news | | | 2026-04-23 |
| critical | China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors | news | general-news | | apt | 2026-04-23 |
| medium | Foxit Impersonation: Fake PDF Installer Deploys VNC | threat-intel | otx | bba4e6028ffa2393…, d6829f4abe09dba2… | brand abuse, document decoy, ultravnc, social engineering, trojanized installer, foxit impersonation, remote access, ransomware, phishing | 2026-04-23 |
| medium | Indirect Prompt Injection in the Wild: 10 IPI Payloads Found | threat-intel | otx | | ai agents, css concealment, llm exploitation, api key theft, indirect prompt injection, prompt injection techniques, web poisoning, financial fraud | 2026-04-23 |
| unknown | Vercel Finds More Compromised Accounts in Context.ai-Linked Breach | news | general-news | | | 2026-04-23 |
| unknown | CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion | advisory | vendor-blogs | | | 2026-04-23 |
| high | Malicious Campaign Deploying AdaptixC2 Beacon and VS Code via Trojanized SumatraPDF | threat-intel | otx | 158.247.193.100, 47.76.236.58 \| b92a3a1cf5786b6e…, e2dc48ef24da000b… | sumatrapdf, cobaltstrike, adaptixc2 beacon, entryshell, toshis, tropic trooper, chinese targets, cobaltstrike beacon, toshis loader, adaptixc2, github c2, botnet | 2026-04-23 |
| medium | Phishing Attack via Adobe-Themed Lure Delivering ScreenConnect and Credential Harvesting Tools | threat-intel | otx | 499d07894f730fb6…, b3a2e37d066b444d… | adobe lure, phishing, phone link, screenconnect, uri handler exploitation, social engineering, credential harvesting, password.exe, remote access | 2026-04-23 |
| high | CVE-2026-41564 — CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Cryp… | vulnerability | nvd | CVE-2026-41564 | | 2026-04-23 |
| unknown | CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2 | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0 | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF) | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup() | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31518 esp: fix skb leak with espintcp and async crypto | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset | advisory | vendor-blogs | | | 2026-04-23 |
| unknown | CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path | advisory | vendor-blogs | | | 2026-04-23 |