| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33813 | Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image | golang.org/x/image | golang.org/x/image/webp | - | - | 2026-04-21 19:21:28 | Deep Dive |
| CVE-2026-40881 | Zebra: addr/addrv2 Deserialization Resource Exhaustion | ZcashFoundation | zebrad | - | - | 2026-04-21 19:20:53 | Deep Dive |
| CVE-2026-40372 | ASP.NET Core Elevation of Privilege Vulnerability | Microsoft | ASP.NET Core 10.0 | Critical | 9.1 | 2026-04-21 19:20:50 | Deep Dive |
| CVE-2026-40875 | mailcow: dockerized vulnerable to stored XSS in user login history real_rip | mailcow | mailcow-dockerized | - | - | 2026-04-21 19:19:56 | Deep Dive |
| CVE-2026-40880 | Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks | ZcashFoundation | zebrad | - | - | 2026-04-21 19:18:23 | Deep Dive |
| CVE-2026-40874 | mailcow: dockerized missing authorization on Forwarding Hosts delete action | mailcow | mailcow-dockerized | - | - | 2026-04-21 19:17:45 | Deep Dive |
| CVE-2026-40873 | mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames | mailcow | mailcow-dockerized | - | - | 2026-04-21 19:15:39 | Deep Dive |
| CVE-2026-40872 | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | mailcow | mailcow-dockerized | - | - | 2026-04-21 19:14:45 | Deep Dive |
| CVE-2026-40879 | Nest: DoS via Recursive handleData in JsonSocket (TCP Transport) | nestjs | nest | High | 7.5 | 2026-04-21 19:14:18 | Deep Dive |
| CVE-2026-40871 | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API | mailcow | mailcow-dockerized | High | 7.2 | 2026-04-21 19:12:53 | Deep Dive |
| CVE-2026-40869 | Decidim amendments can be accepted or rejected by anyone | decidim | decidim | High | 7.5 | 2026-04-21 19:08:28 | Deep Dive |
| CVE-2026-40870 | Decidim's comments API allows access to all commentable resources | decidim | decidim | High | 7.5 | 2026-04-21 19:06:09 | Deep Dive |
| CVE-2026-22751 | Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions | Spring | Spring Security | Medium | 4.8 | 2026-04-21 18:30:35 | Deep Dive |
| CVE-2026-6745 | Bagisto Custom Scripts cross site scripting | - | Bagisto | Low | 3.5 | 2026-04-21 18:30:18 | Deep Dive |
| CVE-2026-40868 | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token | kyverno | kyverno | High | 8.1 | 2026-04-21 18:22:02 | Deep Dive |
| CVE-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | horilla-opensource | horilla | - | - | 2026-04-21 18:16:29 | Deep Dive |
| CVE-2026-40866 | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | horilla-opensource | horilla | - | - | 2026-04-21 18:15:30 | Deep Dive |
| CVE-2026-40865 | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>` | horilla-opensource | horilla | - | - | 2026-04-21 18:14:20 | Deep Dive |
| CVE-2026-40614 | PJSIP: Heap buffer overflow in Opus codec decoding | pjsip | pjproject | - | - | 2026-04-21 18:04:15 | Deep Dive |
| CVE-2026-41456 | Bludit CMS Reflected XSS via Search Plugin | bludit | bludit | - | - | 2026-04-21 18:03:00 | Deep Dive |