| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4917 | IBM Guardium Data Protection is affected by multiple vulnerabilities | IBM | Guardium Data Protection | Medium | 4.9 | 2026-04-22 23:27:46 | Deep Dive |
| CVE-2026-4918 | IBM Guardium Data Protection is affected by multiple vulnerabilities | IBM | Guardium Data Protection | Medium | 5.5 | 2026-04-22 23:26:39 | Deep Dive |
| CVE-2026-4919 | IBM Guardium Data Protection is affected by multiple vulnerabilities | IBM | Guardium Data Protection | Medium | 4.8 | 2026-04-22 23:23:35 | Deep Dive |
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing | IBM | WebSphere Application Server - Liberty | High | 7.5 | 2026-04-22 23:07:32 | Deep Dive |
| CVE-2026-40517 | radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names | radareorg | radare2 | High | 7.8 | 2026-04-22 21:44:13 | Deep Dive |
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | statamic | cms | High | 8.1 | 2026-04-22 21:25:50 | Deep Dive |
| CVE-2026-41177 | Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction | Squidex | squidex | Medium | 5.5 | 2026-04-22 21:24:10 | Deep Dive |
| CVE-2026-41172 | Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets) | Squidex | squidex | - | - | 2026-04-22 21:22:56 | Deep Dive |
| CVE-2026-41171 | SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient | Squidex | squidex | - | - | 2026-04-22 21:16:14 | Deep Dive |
| CVE-2026-41170 | Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests | Squidex | squidex | - | - | 2026-04-22 21:13:19 | Deep Dive |
| CVE-2026-41455 | WeKan < 8.35 SSRF via Webhook URL | wekan | wekan | High | 8.5 | 2026-04-22 21:09:30 | Deep Dive |
| CVE-2026-41454 | WeKan < 8.35 Missing Authorization via Integration REST API | wekan | wekan | High | 8.3 | 2026-04-22 21:08:39 | Deep Dive |
| CVE-2026-41314 | pypdf: Manipulated FlateDecode image dimensions can exhaust RAM | py-pdf | pypdf | - | - | 2026-04-22 21:08:15 | Deep Dive |
| CVE-2026-41313 | pypdf: Possible long runtimes for wrong size values in incremental mode | py-pdf | pypdf | - | - | 2026-04-22 21:05:00 | Deep Dive |
| CVE-2026-41312 | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | py-pdf | pypdf | - | - | 2026-04-22 21:02:53 | Deep Dive |
| CVE-2026-41168 | pypdf has possible long runtimes for wrong size values in cross-reference and object streams | py-pdf | pypdf | - | - | 2026-04-22 20:49:10 | Deep Dive |
| CVE-2026-41167 | Jellystat has SQL Injection that leads to Remote Code Execution | CyferShepard | Jellystat | Critical | 9.1 | 2026-04-22 20:39:31 | Deep Dive |
| CVE-2026-40882 | OpenRemote has XXE in Velbus Asset Import | openremote | openremote | High | 7.6 | 2026-04-22 20:33:23 | Deep Dive |
| CVE-2026-41166 | OpenRemote has Improper Access Control via updateUserRealmRoles function | openremote | openremote | High | 7.0 | 2026-04-22 20:31:29 | Deep Dive |
| CVE-2026-41134 | Kiota: Code Generation Literal Injection | microsoft | kiota | - | - | 2026-04-22 20:20:58 | Deep Dive |