| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41335 | OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-23 21:57:55 | Deep Dive |
| CVE-2026-41334 | OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-23 21:57:55 | Deep Dive |
| CVE-2026-41333 | OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken | OpenClaw | OpenClaw | Low | 3.7 | 2026-04-23 21:57:54 | Deep Dive |
| CVE-2026-41332 | OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-23 21:57:53 | Deep Dive |
| CVE-2026-2708 | Libsoup: libsoup: http request smuggling via duplicate content-length headers | Red Hat | Red Hat Enterprise Linux 10 | Low | 3.7 | 2026-04-23 21:51:23 | Deep Dive |
| CVE-2026-32172 | Microsoft Power Apps Remote Code Execution Vulnerability | Microsoft | Microsoft Power Apps | High | 8.0 | 2026-04-23 21:37:43 | Deep Dive |
| CVE-2026-35431 | Microsoft Entra ID Entitlement Management Spoofing Vulnerability | Microsoft | Microsoft Entra | Critical | 10.0 | 2026-04-23 21:37:42 | Deep Dive |
| CVE-2026-24303 | Microsoft Partner Center Elevation of Privilege Vulnerability | Microsoft | Microsoft Partner Center | Critical | 9.6 | 2026-04-23 21:37:41 | Deep Dive |
| CVE-2026-26150 | Microsoft Purview eDiscovery Elevation of Privilege Vulnerability | Microsoft | Microsoft Purview eDiscovery | High | 8.6 | 2026-04-23 21:37:40 | Deep Dive |
| CVE-2026-33819 | Microsoft Bing Remote Code Execution Vulnerability | Microsoft | Microsoft Bing | Critical | 10.0 | 2026-04-23 21:35:50 | Deep Dive |
| CVE-2026-33102 | Microsoft 365 Copilot Elevation of Privilege Vulnerability | Microsoft | Microsoft 365 Copilot | Critical | 9.3 | 2026-04-23 21:35:49 | Deep Dive |
| CVE-2026-32210 | Microsoft Dynamics 365 (online) Spoofing Vulnerability | Microsoft | Microsoft Dynamics 365 (online) | Critical | 9.3 | 2026-04-23 21:35:48 | Deep Dive |
| CVE-2026-26210 | KTransformers Unsafe Deserialization RCE via balance_serve | kvcache-ai | ktransformers | Critical | 9.8 | 2026-04-23 21:24:49 | Deep Dive |
| CVE-2026-41274 | Flowise: Cypher Injection in GraphCypherQAChain | FlowiseAI | Flowise | - | - | 2026-04-23 21:12:52 | Deep Dive |
| CVE-2026-28525 | SWUpdate Integer Underflow in Multipart Upload Parser | sbabic | swupdate | Medium | 6.8 | 2026-04-23 20:59:31 | Deep Dive |
| CVE-2026-6942 | radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass | radareorg | radare2 | Critical | 9.8 | 2026-04-23 20:58:10 | Deep Dive |
| CVE-2026-6941 | radare2 < 6.1.4 Project Notes Path Traversal via Symlink | radareorg | radare2 | Medium | 6.6 | 2026-04-23 20:39:49 | Deep Dive |
| CVE-2026-6940 | radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion | radareorg | radare2 | High | 7.1 | 2026-04-23 20:26:37 | Deep Dive |
| CVE-2026-6376 | Missing authentication for critical function in SpiceJet Online Booking System | SpiceJet | Online Booking System | - | - | 2026-04-23 20:10:20 | Deep Dive |
| CVE-2026-6375 | Authorization bypass through User-Controlled key in SpiceJet Online Booking System | SpiceJet | Online Booking System | - | - | 2026-04-23 20:07:24 | Deep Dive |