| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1845 | Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings | bhubbard | Real Estate Pro | Medium | 5.5 | 2026-04-22 07:45:31 | Deep Dive |
| CVE-2026-4131 | WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter | sphex1987 | WP Responsive Popup + Optin | Medium | 6.1 | 2026-04-22 07:45:31 | Deep Dive |
| CVE-2026-1379 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting | zinoui | HTTP Headers | Medium | 4.4 | 2026-04-22 07:45:30 | Deep Dive |
| CVE-2026-4279 | Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | breadbutter | Bread & Butter: AI-Powered Lead Intelligence | Medium | 6.4 | 2026-04-22 07:45:30 | Deep Dive |
| CVE-2026-4082 | ER Swiffy Insert <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | erithq | ER Swiffy Insert | Medium | 6.4 | 2026-04-22 07:45:30 | Deep Dive |
| CVE-2026-5820 | Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block | sproutient | Zypento Blocks | Medium | 6.4 | 2026-04-22 07:45:29 | Deep Dive |
| CVE-2026-6842 | Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions | Red Hat | Red Hat Enterprise Linux 10 | Low | 2.5 | 2026-04-22 07:34:26 | Deep Dive |
| CVE-2026-6023 | Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX | Progress Software | Telerik UI for ASP.NET AJAX | High | 8.1 | 2026-04-22 07:13:08 | Deep Dive |
| CVE-2026-6022 | Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX | Progress Software | Telerik UI for ASP.NET AJAX | High | 7.5 | 2026-04-22 07:07:31 | Deep Dive |
| CVE-2026-40542 | Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification | Apache Software Foundation | Apache HttpClient | - | - | 2026-04-22 07:07:21 | Deep Dive |
| CVE-2026-6840 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 5.5 | 2026-04-22 06:08:32 | Deep Dive |
| CVE-2026-6839 | ONE Security Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 06:07:07 | Deep Dive |
| CVE-2026-41667 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 05:57:29 | Deep Dive |
| CVE-2026-41666 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 05:56:19 | Deep Dive |
| CVE-2026-41665 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.1 | 2026-04-22 05:55:17 | Deep Dive |
| CVE-2026-41664 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 05:54:11 | Deep Dive |
| CVE-2026-40450 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 05:53:11 | Deep Dive |
| CVE-2026-40449 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 6.6 | 2026-04-22 05:51:35 | Deep Dive |
| CVE-2026-40448 | ONE Input Validation Error Vulnerability | Samsung Open Source | ONE | Medium | 5.3 | 2026-04-22 05:40:26 | Deep Dive |
| CVE-2026-22754 | Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules | Spring | Spring Security | High | 7.5 | 2026-04-22 05:32:48 | Deep Dive |