| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62188 | Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint. | Apache Software Foundation | Apache DolphinScheduler | - | - | 2026-04-09 09:27:14 | Deep Dive |
| CVE-2026-34538 | Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) | Apache Software Foundation | Apache Airflow | - | - | 2026-04-09 09:09:21 | Deep Dive |
| CVE-2026-5795 | Eclipse Jetty 授权问题漏洞 | Eclipse Foundation | Eclipse Jetty | High | 7.4 | 2026-04-08 13:32:29 | Deep Dive |
| CVE-2026-39936 | Stored XSS in Score due to usage of non-reserved data attributes | The Wikimedia Foundation | Mediawiki - Score Extension | - | - | 2026-04-07 22:11:04 | Deep Dive |
| CVE-2026-39935 | XSS-via-i18n in localised wiki names | The Wikimedia Foundation | Mediawiki - CampaignEvents Extension | - | - | 2026-04-07 22:04:02 | Deep Dive |
| CVE-2026-39934 | Growth Experiments ReassignMenteesJob runs as an infinite loop | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2026-04-07 22:00:46 | Deep Dive |
| CVE-2026-39933 | Multiple XSS vulnerabilities in GlobalWatchlist | The Wikimedia Foundation | Mediawiki - GlobalWatchlist Extension | - | - | 2026-04-07 21:51:55 | Deep Dive |
| CVE-2026-39937 | Global vanishing does not completely remove user email | The Wikimedia Foundation | Mediawiki - CentralAuth Extension | - | - | 2026-04-07 21:44:47 | Deep Dive |
| CVE-2026-39837 | Stored XSS through the dynamic table format in Cargo | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:47:18 | Deep Dive |
| CVE-2026-39841 | Stored XSS through list fields on Cargo's page values and Special:CargoTables | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:43:48 | Deep Dive |
| CVE-2026-39840 | CSS injection in multiple Cargo display formats | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:35:36 | Deep Dive |
| CVE-2026-39839 | Stored XSS through URLs in Cargo's map format | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:29:11 | Deep Dive |
| CVE-2026-39838 | ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS | Wikimedia Foundation | MediaWiki - ProofreadPage Extension | - | - | 2026-04-07 19:17:52 | Deep Dive |
| CVE-2026-5762 | ReportIncident DiscussionTools integration causes slow requests | Wikimedia Foundation | MediaWiki - ReportIncident Extension | - | - | 2026-04-07 18:42:35 | Deep Dive |
| CVE-2026-22711 | Stored XSS through system messages in WikiLove | The Wikimedia Foundation | Mediawiki - Wikilove Extension | - | - | 2026-04-07 18:39:37 | Deep Dive |
| CVE-2026-32588 | Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing | Apache Software Foundation | Apache Cassandra | - | - | 2026-04-07 16:42:52 | Deep Dive |
| CVE-2026-27315 | Apache Cassandra: cqlsh history sensitive information leak | Apache Software Foundation | Apache Cassandra | - | - | 2026-04-07 16:40:52 | Deep Dive |
| CVE-2026-27314 | Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass | Apache Software Foundation | Apache Cassandra | - | - | 2026-04-07 16:33:44 | Deep Dive |
| CVE-2026-35554 | Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition | Apache Software Foundation | Apache Kafka Clients | - | - | 2026-04-07 13:07:09 | Deep Dive |
| CVE-2026-33227 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory | Apache Software Foundation | Apache ActiveMQ Client | - | - | 2026-04-07 07:50:59 | Deep Dive |