| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3007 | Stored Cross-Site Scripting (XSS) Vulnerability | Three Learning | Koollab Learning Management System | Medium | 5.4 | 2026-04-23 02:54:25 | Deep Dive |
| CVE-2026-3844 | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | cloudways | Breeze Cache | Critical | 9.8 | 2026-04-23 02:25:22 | Deep Dive |
| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 5.4 | 2026-04-23 02:25:21 | Deep Dive |
| CVE-2026-1923 | Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id | socialrocket | Social Rocket – Social Sharing Plugin | Medium | 6.4 | 2026-04-23 01:24:32 | Deep Dive |
| CVE-2026-41211 | `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME` | voidzero-dev | vite-plus | - | - | 2026-04-23 00:56:16 | Deep Dive |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass | paperclipai | paperclip | Critical | 10.0 | 2026-04-23 00:53:16 | Deep Dive |
| CVE-2026-41208 | Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution | paperclipai | @paperclipai/server | High | 8.8 | 2026-04-23 00:47:46 | Deep Dive |
| CVE-2026-41206 | PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code | ParzivalHack | PySpector | - | - | 2026-04-23 00:42:49 | Deep Dive |
| CVE-2026-41200 | STIG Manager has reflected XSS vulnerability in the Web App | NUWCDIVNPT | stig-manager | - | - | 2026-04-23 00:40:23 | Deep Dive |
| CVE-2026-41197 | Brillig: Heap corruption in foreign call results with nested tuple arrays | noir-lang | noir | - | - | 2026-04-23 00:35:38 | Deep Dive |
| CVE-2026-41196 | Luanti has a mod security sandbox escape | luanti-org | luanti | - | - | 2026-04-23 00:28:57 | Deep Dive |
| CVE-2026-41182 | LangSmith SDK: Streaming token events bypass output redaction | langchain-ai | langsmith-sdk | Medium | 5.3 | 2026-04-23 00:14:21 | Deep Dive |
| CVE-2026-41180 | PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart | psi-4ward | psitransfer | High | 7.5 | 2026-04-23 00:10:58 | Deep Dive |
| CVE-2026-41243 | OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled | siemvk | OpenLearn | - | - | 2026-04-23 00:09:04 | Deep Dive |
| CVE-2026-41179 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution | rclone | rclone | Critical | - | 2026-04-23 00:03:36 | Deep Dive |
| CVE-2026-32679 | Japan Media Systems LiveOn Meet Client and Canon Network Camera Plugin Code Issue Vulnerability | Japan Media Systems Corporation | Downloader5Installer.exe | - | - | 2026-04-23 00:02:05 | Deep Dive |
| CVE-2026-40062 | Ziosoft Ziostation Path Traversal Vulnerability | Ziosoft, Inc. | Ziostation2 | - | - | 2026-04-23 00:01:29 | Deep Dive |
| CVE-2026-6878 | ByteDance verl grader.py math_equal sandbox | ByteDance | verl | Medium | 5.6 | 2026-04-23 00:00:20 | Deep Dive |
| CVE-2025-70994 | Yadea T5 Electric Bicycles Security Vulnerability | - | - | - | - | 2026-04-23 00:00:00 | Deep Dive |
| CVE-2026-39087 | ntfy Code Injection Vulnerability | - | - | - | - | 2026-04-23 00:00:00 | Deep Dive |