| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40470 | Hackage package and doc upload stored XSS vulnerability | - | - | Critical | 9.9 | 2026-04-23 14:53:48 | Deep Dive |
| CVE-2026-41239 | DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode | cure53 | DOMPurify | Medium | 6.8 | 2026-04-23 14:47:56 | Deep Dive |
| CVE-2026-23751 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting | Tungsten Automation | Kofax Capture | Critical | 9.8 | 2026-04-23 14:46:13 | Deep Dive |
| CVE-2026-41238 | DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback | cure53 | DOMPurify | Medium | 6.9 | 2026-04-23 14:43:18 | Deep Dive |
| CVE-2025-62373 | Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer | pipecat-ai | pipecat | Critical | 9.8 | 2026-04-23 14:40:18 | Deep Dive |
| CVE-2026-35225 | Improper timeout handling in CODESYS EtherNetIP | CODESYS | CODESYS EtherNetIP | - | - | 2026-04-23 13:54:52 | Deep Dive |
| CVE-2026-41461 | SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview | SocialEngine | SocialEngine | High | 8.5 | 2026-04-23 13:45:07 | Deep Dive |
| CVE-2026-41460 | SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall | SocialEngine | SocialEngine | Critical | 9.8 | 2026-04-23 13:44:51 | Deep Dive |
| CVE-2025-66286 | Webkitgtk: authorization bypass through webpage::send-request signal handler | Red Hat | Red Hat Enterprise Linux 6 | Medium | 4.7 | 2026-04-23 12:33:50 | Deep Dive |
| CVE-2025-13763 | Libopensc: opensc: multiple uses of uninitialized variable | OpenSC | OpenSC | Medium | 5.7 | 2026-04-23 12:27:42 | Deep Dive |
| CVE-2026-39440 | WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability | Funnelforms LLC | FunnelFormsPro | Critical | 9.9 | 2026-04-23 12:11:42 | Deep Dive |
| CVE-2026-31532 | can: raw: fix ro->uniq use-after-free in raw_rcv() | Linux | Linux | High | 7.8 | 2026-04-23 11:12:45 | Deep Dive |
| CVE-2026-31531 | ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() | Linux | Linux | 中危 | - | 2026-04-23 11:12:44 | Deep Dive |
| CVE-2025-62110 | WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability | Rescue Themes | Rescue Shortcodes | Medium | 6.5 | 2026-04-23 11:05:08 | Deep Dive |
| CVE-2025-62104 | WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability | Navneil Naicker | ACF Galerie 4 | Medium | 4.3 | 2026-04-23 11:02:06 | Deep Dive |
| CVE-2026-28040 | WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | Magepeople inc. | Taxi Booking Manager for WooCommerce | Medium | 6.5 | 2026-04-23 11:00:04 | Deep Dive |
| CVE-2026-6903 | Path Traversal Vulnerability in LabOne User Interface | Zurich Instruments | LabOne | High | 7.5 | 2026-04-23 09:45:06 | Deep Dive |
| CVE-2026-6887 | BorG Technology Corporation|Borg SPM 2007 - SQL Injection | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:30:30 | Deep Dive |
| CVE-2026-6886 | BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:25:16 | Deep Dive |
| CVE-2026-6885 | BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:05:07 | Deep Dive |