| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33317 | OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure | OP-TEE | optee_os | High | 8.7 | 2026-04-24 02:20:56 | Deep Dive |
| CVE-2026-33318 | Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers | actualbudget | actual | High | 8.8 | 2026-04-24 02:13:47 | Deep Dive |
| CVE-2026-33208 | Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint | roxy-wi | roxy-wi | - | - | 2026-04-24 02:10:14 | Deep Dive |
| CVE-2026-33078 | Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter | roxy-wi | roxy-wi | - | - | 2026-04-24 02:05:03 | Deep Dive |
| CVE-2026-33077 | Roxy-WI has an arbitrary file read vulnerability | roxy-wi | roxy-wi | - | - | 2026-04-24 01:55:44 | Deep Dive |
| CVE-2026-33076 | Roxy-WI vulnerable to path traversal and arbitrary file writing | roxy-wi | roxy-wi | - | - | 2026-04-24 01:52:47 | Deep Dive |
| CVE-2026-32952 | go-ntlmssp NTLM challenges can panic on malformed payloads | Azure | go-ntlmssp | Medium | 5.3 | 2026-04-24 01:46:32 | Deep Dive |
| CVE-2026-41325 | Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection | getkirby | kirby | - | - | 2026-04-24 00:38:50 | Deep Dive |
| CVE-2026-40099 | Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter | getkirby | kirby | - | - | 2026-04-24 00:34:02 | Deep Dive |
| CVE-2026-34587 | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering | getkirby | kirby | - | - | 2026-04-24 00:23:37 | Deep Dive |
| CVE-2026-32870 | Kirby has XML injection in its XML creator toolkit | getkirby | kirby | - | - | 2026-04-24 00:19:14 | Deep Dive |
| CVE-2026-31956 | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | xibosignage | xibo-cms | Medium | 4.3 | 2026-04-24 00:16:03 | Deep Dive |
| CVE-2026-31955 | Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality | xibosignage | xibo-cms | Medium | 4.9 | 2026-04-24 00:14:16 | Deep Dive |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login | xibosignage | xibo-cms | Medium | 6.4 | 2026-04-24 00:08:22 | Deep Dive |
| CVE-2026-25775 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | Critical | 9.8 | 2026-04-24 00:06:17 | Deep Dive |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter | xibosignage | xibo-cms | High | 7.6 | 2026-04-24 00:05:05 | Deep Dive |
| CVE-2026-35064 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | High | 7.5 | 2026-04-24 00:04:31 | Deep Dive |
| CVE-2026-40620 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | Critical | 9.8 | 2026-04-24 00:02:58 | Deep Dive |
| CVE-2026-27841 | SenseLive X3050 Cross-Site request forgery | SenseLive | X3050 | High | 8.1 | 2026-04-24 00:00:57 | Deep Dive |
| CVE-2026-29051 | melange has Path Traversal via .PKGINFO in --persist-lint-results | chainguard-dev | melange | Medium | 4.4 | 2026-04-24 00:00:36 | Deep Dive |