| low | CVE-2026-4512 — The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key se… | vulnerability | nvd | CVE-2026-4512 | | 2026-04-23 |
| medium | CVE-2026-4106 — The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX acti… | vulnerability | nvd | CVE-2026-4106 | | 2026-04-23 |
| unknown | CVE-2026-41040 — GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a… | vulnerability | nvd | CVE-2026-41040 | | 2026-04-23 |
| unknown | CVE-2026-34488 — IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading… | vulnerability | nvd | CVE-2026-34488 | | 2026-04-23 |
| medium | CVE-2025-10549 — EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder p… | vulnerability | nvd | CVE-2025-10549 | | 2026-04-23 |
| unknown | Africa Relinquishes Cyberattack Lead to Latin America — For Now | news | general-news | | | 2026-04-23 |
| medium | CVE-2026-41990 — Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check b… | vulnerability | nvd | CVE-2026-41990 | | 2026-04-23 |
| medium | CVE-2026-41989 — Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via craf… | vulnerability | nvd | CVE-2026-41989 | | 2026-04-23 |
| low | CVE-2026-41988 — uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID ve… | vulnerability | nvd | CVE-2026-41988 | | 2026-04-23 |
| medium | CVE-2026-41233 — Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, t… | vulnerability | nvd | CVE-2026-41233 | | 2026-04-23 |
| medium | CVE-2026-41232 — Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add(… | vulnerability | nvd | CVE-2026-41232 | | 2026-04-23 |
| unknown | CVE-2026-40529 — CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in… | vulnerability | nvd | CVE-2026-40529 | | 2026-04-23 |
| high | CVE-2026-41231 — Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` cons… | vulnerability | nvd | CVE-2026-41231 | | 2026-04-23 |
| high | CVE-2026-41230 — Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()`… | vulnerability | nvd | CVE-2026-41230 | | 2026-04-23 |
| critical | CVE-2026-41229 — Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArra… | vulnerability | nvd | CVE-2026-41229 | | 2026-04-23 |
| critical | CVE-2026-41228 — Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpo… | vulnerability | nvd | CVE-2026-41228 | | 2026-04-23 |
| medium | CVE-2026-3361 — The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl… | vulnerability | nvd | CVE-2026-3361 | | 2026-04-23 |
| medium | CVE-2026-3007 — Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attack… | vulnerability | nvd | CVE-2026-3007 | | 2026-04-23 |
| high | Unmasking DPRK Cyber Threat Actors: Fake IT Worker Infrastructure | threat-intel | otx | 216.158.225.144 | dprk, astrill vpn, vpn infrastructure, freelance platforms, fake it workers, cryptocurrency fraud, residential proxies, sanctions evasion, zeroday | 2026-04-23 |
| medium | Beyond PowerShell: Analyzing the Multi-Action ClickFix Variant | threat-intel | otx | 151.245.195.142 \| b2d9a99de44a7cd8… | scheduled task, social engineering, clickfix, cmdkey, unc path, lolbins, remote dll, regsvr32, phishing | 2026-04-23 |
| critical | CVE-2026-3844 — The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty… | vulnerability | nvd | CVE-2026-3844 | rce | 2026-04-23 |
| medium | CVE-2026-2951 — The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerab… | vulnerability | nvd | CVE-2026-2951 | | 2026-04-23 |
| unknown | CVE-2026-41243 — OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0… | vulnerability | nvd | CVE-2026-41243 | | 2026-04-23 |
| unknown | CVE-2026-41211 — Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download… | vulnerability | nvd | CVE-2026-41211 | | 2026-04-23 |
| critical | CVE-2026-41208 — Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business.… | vulnerability | nvd | CVE-2026-41208, CVE-2026-41679 | rce | 2026-04-23 |
| unknown | CVE-2026-41206 — PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo… | vulnerability | nvd | CVE-2026-41206 | | 2026-04-23 |
| unknown | CVE-2026-41200 — STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) a… | vulnerability | nvd | CVE-2026-41200 | | 2026-04-23 |
| unknown | CVE-2026-41197 — Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat… | vulnerability | nvd | CVE-2026-41197 | | 2026-04-23 |
| unknown | CVE-2026-41196 — Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0… | vulnerability | nvd | CVE-2026-41196 | | 2026-04-23 |
| medium | CVE-2026-41182 — LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.… | vulnerability | nvd | CVE-2026-41182 | | 2026-04-23 |
| high | CVE-2026-41180 — PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload… | vulnerability | nvd | CVE-2026-41180 | | 2026-04-23 |
| medium | CVE-2026-1923 — The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc… | vulnerability | nvd | CVE-2026-1923 | | 2026-04-23 |
| medium | CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of… | vulnerability | nvd | CVE-2026-6878 | | 2026-04-23 |
| medium | CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function… | vulnerability | nvd | CVE-2026-6874 | | 2026-04-23 |
| high | CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow a… | vulnerability | nvd | CVE-2026-5935 | | 2026-04-23 |
| medium | CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10… | vulnerability | nvd | CVE-2026-5926 | | 2026-04-23 |
| medium | CVE-2026-4919 — IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a… | vulnerability | nvd | CVE-2026-4919 | | 2026-04-23 |
| medium | CVE-2026-4918 — IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a… | vulnerability | nvd | CVE-2026-4918 | | 2026-04-23 |
| medium | CVE-2026-4917 — IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the… | vulnerability | nvd | CVE-2026-4917 | | 2026-04-23 |
| unknown | CVE-2026-41176 — Rclone is a command-line program to sync files and directories to and from different cloud storage p… | vulnerability | nvd | CVE-2026-41176, CVE-2026-41179 | | 2026-04-23 |
| unknown | CVE-2026-40062 — A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated… | vulnerability | nvd | CVE-2026-40062 | | 2026-04-23 |
| high | CVE-2026-3621 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve… | vulnerability | nvd | CVE-2026-3621 | | 2026-04-23 |
| unknown | CVE-2026-32679 — The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF… | vulnerability | nvd | CVE-2026-32679 | | 2026-04-23 |
| critical | CVE-2026-29198 — In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec… | vulnerability | nvd | CVE-2026-29198 | | 2026-04-23 |
| medium | CVE-2026-1726 — IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | vulnerability | nvd | CVE-2026-1726 | | 2026-04-23 |
| medium | CVE-2026-1352 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C… | vulnerability | nvd | CVE-2026-1352 | | 2026-04-23 |
| medium | CVE-2026-1274 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi… | vulnerability | nvd | CVE-2026-1274 | | 2026-04-23 |
| low | CVE-2026-1272 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera… | vulnerability | nvd | CVE-2026-1272 | | 2026-04-23 |
| medium | CVE-2025-36074 — IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul… | vulnerability | nvd | CVE-2025-36074 | | 2026-04-23 |
| high | CVE-2026-39987 — Marimo Remote Code Execution Vulnerability | vulnerability | cisa-kev | CVE-2026-39987 | rce | 2026-04-23 |