| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40471 | Hackage CSRF vulnerability | - | - | Critical | 9.6 | 2026-04-23 14:56:35 | Deep Dive |
| CVE-2026-41240 | DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) | cure53 | DOMPurify | - | - | 2026-04-23 14:54:32 | Deep Dive |
| CVE-2026-34003 | Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access | Red Hat | Red Hat Enterprise Linux 9 | High | 7.8 | 2026-04-23 14:54:05 | Deep Dive |
| CVE-2026-34001 | Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption | Red Hat | Red Hat Enterprise Linux 9 | High | 7.8 | 2026-04-23 14:54:00 | Deep Dive |
| CVE-2026-33999 | Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling | Red Hat | Red Hat Enterprise Linux 9 | High | 7.8 | 2026-04-23 14:53:59 | Deep Dive |
| CVE-2026-40470 | Hackage package and doc upload stored XSS vulnerability | - | - | Critical | 9.9 | 2026-04-23 14:53:48 | Deep Dive |
| CVE-2026-41239 | DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode | cure53 | DOMPurify | Medium | 6.8 | 2026-04-23 14:47:56 | Deep Dive |
| CVE-2026-23751 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting | Tungsten Automation | Kofax Capture | Critical | 9.8 | 2026-04-23 14:46:13 | Deep Dive |
| CVE-2026-41238 | DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback | cure53 | DOMPurify | Medium | 6.9 | 2026-04-23 14:43:18 | Deep Dive |
| CVE-2025-62373 | Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer | pipecat-ai | pipecat | Critical | 9.8 | 2026-04-23 14:40:18 | Deep Dive |
| CVE-2026-35225 | Improper timeout handling in CODESYS EtherNetIP | CODESYS | CODESYS EtherNetIP | - | - | 2026-04-23 13:54:52 | Deep Dive |
| CVE-2026-41461 | SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview | SocialEngine | SocialEngine | High | 8.5 | 2026-04-23 13:45:07 | Deep Dive |
| CVE-2026-41460 | SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall | SocialEngine | SocialEngine | Critical | 9.8 | 2026-04-23 13:44:51 | Deep Dive |
| CVE-2025-66286 | Webkitgtk: authorization bypass through webpage::send-request signal handler | Red Hat | Red Hat Enterprise Linux 6 | Medium | 4.7 | 2026-04-23 12:33:50 | Deep Dive |
| CVE-2025-13763 | Libopensc: opensc: multiple uses of uninitialized variable | OpenSC | OpenSC | Medium | 5.7 | 2026-04-23 12:27:42 | Deep Dive |
| CVE-2026-39440 | WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability | Funnelforms LLC | FunnelFormsPro | Critical | 9.9 | 2026-04-23 12:11:42 | Deep Dive |
| CVE-2026-31532 | can: raw: fix ro->uniq use-after-free in raw_rcv() | Linux | Linux | High | 7.8 | 2026-04-23 11:12:45 | Deep Dive |
| CVE-2026-31531 | ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() | Linux | Linux | Medium | - | 2026-04-23 11:12:44 | Deep Dive |
| CVE-2025-62110 | WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability | Rescue Themes | Rescue Shortcodes | Medium | 6.5 | 2026-04-23 11:05:08 | Deep Dive |
| CVE-2025-62104 | WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability | Navneil Naicker | ACF Galerie 4 | Medium | 4.3 | 2026-04-23 11:02:06 | Deep Dive |