| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40690 | Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users | Apache Software Foundation | Apache Airflow | - | - | 2026-04-24 12:35:33 | Deep Dive |
| CVE-2026-5265 | Ovn: ovn: heap over-read in icmp error response generation - security issue | Red Hat | Fast Datapath for RHEL 7 | Medium | 6.5 | 2026-04-24 12:25:07 | Deep Dive |
| CVE-2026-5367 | Ovn: ovn: information disclosure via crafted dhcpv6 packets | Red Hat | Fast Datapath for RHEL 7 | High | 8.6 | 2026-04-24 12:25:05 | Deep Dive |
| CVE-2026-4313 | Stored XSS in AdaptiveGRC | C&F | AdaptiveGRC | - | - | 2026-04-24 11:05:43 | Deep Dive |
| CVE-2026-6043 | Insecure Default Configuration in P4 Server | Perforce | Helix Core Server (P4D) | - | - | 2026-04-24 11:02:51 | Deep Dive |
| CVE-2026-23902 | Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. | Apache Software Foundation | Apache DolphinScheduler | - | - | 2026-04-24 10:56:18 | Deep Dive |
| CVE-2025-62233 | Apache DolphinScheduler: Deserialization of untrusted data in RPC | Apache Software Foundation | Apache DolphinScheduler | - | - | 2026-04-24 10:54:55 | Deep Dive |
| CVE-2026-41044 | Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:54 | Deep Dive |
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:24 | Deep Dive |
| CVE-2026-40466 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-24 10:15:44 | Deep Dive |
| CVE-2026-6272 | kuksa.val.v2任意读JWT可伪造信号数据漏洞 | Eclipse Foundation | Eclipse KUKSA - Databroker | - | - | 2026-04-24 08:28:18 | Deep Dive |
| CVE-2026-21728 | Tempo query limit results in unbounded memory allocation | Grafana | Tempo | High | 7.5 | 2026-04-24 08:00:47 | Deep Dive |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint | liaison | Liaison Site Prober | Medium | 5.3 | 2026-04-24 07:45:09 | Deep Dive |
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | taqnix | Taqnix | Medium | 4.3 | 2026-04-24 07:45:08 | Deep Dive |
| CVE-2026-4078 | ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | iteras | ITERAS | Medium | 6.4 | 2026-04-24 07:45:08 | Deep Dive |
| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 4.3 | 2026-04-24 07:45:07 | Deep Dive |
| CVE-2026-1951 | No checking of the length of the buffer with the directory name in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 06:13:36 | Deep Dive |
| CVE-2026-1952 | Denial of service via the undocumented subfunction in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 06:08:59 | Deep Dive |
| CVE-2026-1950 | No checking of the length of the buffer with the file name in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 05:56:52 | Deep Dive |
| CVE-2026-1949 | Incorrect calculation of buffer size on the stack in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 05:50:48 | Deep Dive |