| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41247 | elFinder: Command injection in resize background color parameter when using ImageMagick CLI | Studio-42 | elFinder | - | - | 2026-04-23 18:47:58 | Deep Dive |
| CVE-2026-41246 | Contour: Lua code injection via Cookie Path Rewrite Policy | projectcontour | contour | High | 8.1 | 2026-04-23 18:44:40 | Deep Dive |
| CVE-2026-41213 | @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes | node-oauth | node-oauth2-server | Medium | 5.9 | 2026-04-23 18:33:42 | Deep Dive |
| CVE-2026-41241 | pretalx: Stored cross-site scripting in organiser search typeahead | pretalx | pretalx | High | 8.7 | 2026-04-23 18:30:57 | Deep Dive |
| CVE-2026-41173 | Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS | open-telemetry | opentelemetry-dotnet-contrib | Medium | 5.9 | 2026-04-23 18:22:32 | Deep Dive |
| CVE-2026-6074 | Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) | Intrado | 911 Emergency Gateway | - | - | 2026-04-23 18:14:09 | Deep Dive |
| CVE-2026-40886 | Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller | argoproj | argo-workflows | High | 7.7 | 2026-04-23 18:12:06 | Deep Dive |
| CVE-2026-33694 | Junction File Manipulation | Tenable, Inc. | Tenable Nessus, Tenable Nessus Agent | - | - | 2026-04-23 18:09:42 | Deep Dive |
| CVE-2026-41078 | OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path | open-telemetry | opentelemetry-dotnet | Medium | 5.9 | 2026-04-23 18:05:41 | Deep Dive |
| CVE-2026-40894 | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | open-telemetry | opentelemetry-dotnet | Medium | 5.3 | 2026-04-23 18:03:28 | Deep Dive |
| CVE-2026-40891 | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | open-telemetry | opentelemetry-dotnet | Medium | 5.3 | 2026-04-23 17:54:36 | Deep Dive |
| CVE-2026-41909 | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-23 17:52:42 | Deep Dive |
| CVE-2026-41908 | OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-23 17:52:33 | Deep Dive |
| CVE-2026-40182 | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | open-telemetry | opentelemetry-dotnet | Medium | 5.3 | 2026-04-23 17:51:35 | Deep Dive |
| CVE-2026-6920 | Google Chrome buffer error vulnerability | - | Chrome | - | - | 2026-04-23 16:12:24 | Deep Dive |
| CVE-2026-6921 | Google Chrome race condition vulnerability | - | Chrome | - | - | 2026-04-23 16:12:24 | Deep Dive |
| CVE-2026-6919 | Google Chrome resource management error vulnerability | - | Chrome | - | - | 2026-04-23 16:12:23 | Deep Dive |
| CVE-2026-5039 | Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N | TP-Link Systems Inc. | TL-WL841N v13 | - | - | 2026-04-23 16:10:13 | Deep Dive |
| CVE-2026-31533 | net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption | Linux | Linux | Critical | 9.8 | 2026-04-23 15:11:07 | Deep Dive |
| CVE-2026-40472 | Hackage package metadata stored XSS vulnerability | - | - | Critical | 9.9 | 2026-04-23 15:00:09 | Deep Dive |