| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40937 | RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks | rustfs | rustfs | High | 8.3 | 2026-04-22 20:15:57 | Deep Dive |
| CVE-2026-33733 | EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete | espocrm | espocrm | High | 7.2 | 2026-04-22 20:05:24 | Deep Dive |
| CVE-2026-33656 | EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user | espocrm | espocrm | Critical | 9.1 | 2026-04-22 20:01:24 | Deep Dive |
| CVE-2026-34068 | nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge | nimiq | nimiq-transaction | Medium | 6.8 | 2026-04-22 19:55:08 | Deep Dive |
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | Frappe | Frappe | - | - | 2026-04-22 19:52:56 | Deep Dive |
| CVE-2026-34067 | nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch | nimiq | nimiq-transaction | Low | 3.1 | 2026-04-22 19:52:44 | Deep Dive |
| CVE-2026-34066 | nimiq-blockchain: Peer-triggerable panic during history sync | nimiq | nimiq-blockchain | Medium | 5.3 | 2026-04-22 19:47:49 | Deep Dive |
| CVE-2026-34065 | nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals | nimiq | nimiq-primitives | High | 7.5 | 2026-04-22 19:45:01 | Deep Dive |
| CVE-2026-34064 | nimiq-account: Vesting insufficient funds error can panic | nimiq | nimiq-account | Medium | 5.3 | 2026-04-22 19:43:04 | Deep Dive |
| CVE-2026-34063 | network-libp2p: Peer can crash the node by opening discovery protocol substream twice | nimiq | network-libp2p | High | 7.5 | 2026-04-22 19:40:27 | Deep Dive |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | Frappe | Frappe | - | - | 2026-04-22 19:32:37 | Deep Dive |
| CVE-2026-6019 | BaseCookie.js_output() does not neutralize embedded characters | Python Software Foundation | CPython | - | - | 2026-04-22 19:28:09 | Deep Dive |
| CVE-2026-34062 | Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response | nimiq | network-libp2p | Medium | 5.3 | 2026-04-22 19:23:37 | Deep Dive |
| CVE-2026-33471 | nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation | nimiq | nimiq-block | Critical | 9.6 | 2026-04-22 19:13:05 | Deep Dive |
| CVE-2026-34413 | Xerte Online Toolkits Missing Authentication via connector.php | thexerteproject | xerteonlinetoolkits | High | 8.6 | 2026-04-22 18:33:44 | Deep Dive |
| CVE-2026-34415 | Xerte Online Toolkits File Upload RCE via elfinder Connector | thexerteproject | xerteonlinetoolkits | Critical | 9.8 | 2026-04-22 18:33:18 | Deep Dive |
| CVE-2026-34414 | Xerte Online Toolkits Path Traversal via connector.php | thexerteproject | xerteonlinetoolkits | High | 7.1 | 2026-04-22 18:32:46 | Deep Dive |
| CVE-2026-41459 | Xerte Online Toolkits Path Disclosure via /setup | thexerteproject | xerteonlinetoolkits | Medium | 5.3 | 2026-04-22 18:32:26 | Deep Dive |
| CVE-2026-28950 | Apple iOS and Apple iPadOS security vulnerability | Apple | iOS and iPadOS | - | - | 2026-04-22 18:22:39 | Deep Dive |
| CVE-2026-26354 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | Dell | PowerProtect Data Domain | High | 8.1 | 2026-04-22 18:11:01 | Deep Dive |