| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6829 | nesquena hermes-webui Arbitrary Workspace Directory Access | nesquena | hermes-webui | Medium | 6.3 | 2026-04-21 21:10:00 | Deep Dive |
| CVE-2026-40942 | DSF: Inverted Time Comparison in OIDC JWKS and Token Cache | datasharingframework | dsf | - | - | 2026-04-21 21:09:45 | Deep Dive |
| CVE-2026-40939 | DSF: Missing Session Timeout for OIDC Sessions | datasharingframework | dsf | - | - | 2026-04-21 21:07:11 | Deep Dive |
| CVE-2026-40933 | Flowise: Authenticated RCE Via MCP Adapters | FlowiseAI | Flowise | Critical | 9.9 | 2026-04-21 21:00:36 | Deep Dive |
| CVE-2026-6799 | Comfast CF-N1-S Endpoint mbox-config command injection | Comfast | CF-N1-S | Medium | 6.3 | 2026-04-21 21:00:21 | Deep Dive |
| CVE-2026-40931 | Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing | node-modules | compressing | High | 8.4 | 2026-04-21 20:57:10 | Deep Dive |
| CVE-2026-40927 | Docmost: XSS in Comments with JavaScript URI | docmost | docmost | Medium | 5.4 | 2026-04-21 20:52:29 | Deep Dive |
| CVE-2026-40923 | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check | tektoncd | pipeline | Medium | 5.4 | 2026-04-21 20:50:54 | Deep Dive |
| CVE-2026-40924 | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion | tektoncd | pipeline | Medium | 6.5 | 2026-04-21 20:47:47 | Deep Dive |
| CVE-2026-40938 | Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE | tektoncd | pipeline | High | 7.5 | 2026-04-21 20:45:25 | Deep Dive |
| CVE-2026-6797 | Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption | Sanluan | PublicCMS | Medium | 4.3 | 2026-04-21 20:45:14 | Deep Dive |
| CVE-2026-33519 | Incorrect privilege assignment in Portal for ArcGIS | Esri | Portal for ArcGIS | Critical | 9.8 | 2026-04-21 20:38:29 | Deep Dive |
| CVE-2026-33518 | Incorrect privilege assignment in Portal for ArcGIS | Esri | Portal for ArcGIS | Critical | 9.8 | 2026-04-21 20:37:52 | Deep Dive |
| CVE-2026-6823 | HKUDS OpenHarness Insecure Default Remote Channel Allowlist | HKUDS | OpenHarness | High | 8.2 | 2026-04-21 20:36:46 | Deep Dive |
| CVE-2026-35252 | Oracle Security Service 安全漏洞 | Oracle Corporation | Oracle Security Service | Medium | 6.4 | 2026-04-21 20:35:55 | Deep Dive |
| CVE-2026-35250 | Oracle VM VirtualBox 安全漏洞 | Oracle Corporation | Oracle VM VirtualBox | Low | 2.3 | 2026-04-21 20:35:54 | Deep Dive |
| CVE-2026-35251 | Oracle VM VirtualBox 安全漏洞 | Oracle Corporation | Oracle VM VirtualBox | High | 7.5 | 2026-04-21 20:35:54 | Deep Dive |
| CVE-2026-35249 | Oracle VM VirtualBox 安全漏洞 | Oracle Corporation | Oracle VM VirtualBox | Low | 3.2 | 2026-04-21 20:35:53 | Deep Dive |
| CVE-2026-35248 | Oracle VM VirtualBox 安全漏洞 | Oracle Corporation | Oracle VM VirtualBox | Medium | 5.0 | 2026-04-21 20:35:53 | Deep Dive |
| CVE-2026-35247 | Oracle VM VirtualBox 安全漏洞 | Oracle Corporation | Oracle VM VirtualBox | Medium | 6.0 | 2026-04-21 20:35:52 | Deep Dive |