| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41144 | F´ (F Prime) has Integer Overflow in FileUplink | nasa | fprime | None | 0.0 | 2026-04-21 23:58:12 | Deep Dive |
| CVE-2026-41136 | free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer | free5gc | amf | - | - | 2026-04-21 23:54:37 | Deep Dive |
| CVE-2026-41135 | free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service | free5gc | pcf | High | 7.5 | 2026-04-21 23:49:20 | Deep Dive |
| CVE-2026-40343 | free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation | free5gc | udr | - | - | 2026-04-21 23:47:33 | Deep Dive |
| CVE-2026-41133 | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | pyload | pyload | High | 8.8 | 2026-04-21 23:41:06 | Deep Dive |
| CVE-2026-41131 | OpenFGA has Improper Policy Enforcement | openfga | openfga | Medium | 5.0 | 2026-04-21 23:38:30 | Deep Dive |
| CVE-2026-41130 | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | craftcms | cms | - | - | 2026-04-21 23:36:31 | Deep Dive |
| CVE-2026-41129 | Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations | craftcms | cms | - | - | 2026-04-21 23:34:57 | Deep Dive |
| CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action | craftcms | cms | - | - | 2026-04-21 23:32:38 | Deep Dive |
| CVE-2026-41127 | BigBlueButton's missing authorization allows viewer to inject/overwrite captions | bigbluebutton | bigbluebutton | Medium | 6.5 | 2026-04-21 23:24:47 | Deep Dive |
| CVE-2026-41126 | BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL" | bigbluebutton | bigbluebutton | Medium | 4.3 | 2026-04-21 23:22:35 | Deep Dive |
| CVE-2026-40575 | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing | oauth2-proxy | oauth2-proxy | Critical | 9.1 | 2026-04-21 23:20:30 | Deep Dive |
| CVE-2026-41059 | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex | oauth2-proxy | oauth2-proxy | High | 8.2 | 2026-04-21 23:17:47 | Deep Dive |
| CVE-2026-41304 | WWBN AVideo vulnerable to RCE caused by clonesite plugin | WWBN | AVideo | - | - | 2026-04-21 23:07:49 | Deep Dive |
| CVE-2026-41064 | AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) | WWBN | AVideo | Critical | 9.3 | 2026-04-21 23:04:32 | Deep Dive |
| CVE-2026-41063 | WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) | WWBN | AVideo | Medium | 5.4 | 2026-04-21 22:59:53 | Deep Dive |
| CVE-2026-41062 | WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters | WWBN | AVideo | Medium | 6.5 | 2026-04-21 22:57:26 | Deep Dive |
| CVE-2026-41061 | WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver | WWBN | AVideo | Medium | 5.4 | 2026-04-21 22:49:41 | Deep Dive |
| CVE-2026-41060 | AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL | WWBN | AVideo | High | 7.7 | 2026-04-21 22:44:44 | Deep Dive |
| CVE-2026-41058 | AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo | WWBN | AVideo | High | 8.1 | 2026-04-21 22:43:17 | Deep Dive |