| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41183 | FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations | freescout-help-desk | freescout | Medium | 4.3 | 2026-04-21 17:00:39 | Deep Dive |
| CVE-2026-21571 | Atlassian Bamboo Data Center security vulnerability | Atlassian | Bamboo Data Center | - | - | 2026-04-21 17:00:06 | Deep Dive |
| CVE-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt | UltraDAGcom | core | - | - | 2026-04-21 16:57:42 | Deep Dive |
| CVE-2026-40592 | FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply | freescout-help-desk | freescout | Medium | 5.9 | 2026-04-21 16:57:33 | Deep Dive |
| CVE-2026-40591 | FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification | freescout-help-desk | freescout | High | 7.1 | 2026-04-21 16:54:14 | Deep Dive |
| CVE-2026-40590 | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | freescout-help-desk | freescout | Medium | 4.3 | 2026-04-21 16:52:28 | Deep Dive |
| CVE-2026-40589 | FreeScout has Customer Edit Cross-Mailbox Email Takeover | freescout-help-desk | freescout | High | 7.6 | 2026-04-21 16:50:22 | Deep Dive |
| CVE-2026-40050 | CrowdStrike LogScale Unauthenticated Path Traversal | CrowdStrike | LogScale Self-Hosted | Critical | 9.8 | 2026-04-21 16:48:25 | Deep Dive |
| CVE-2026-40570 | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII | freescout-help-desk | freescout | - | - | 2026-04-21 16:48:08 | Deep Dive |
| CVE-2026-40569 | FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration | freescout-help-desk | freescout | Critical | 9.0 | 2026-04-21 16:46:16 | Deep Dive |
| CVE-2026-40576 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server | haris-musa | excel-mcp-server | Critical | 9.4 | 2026-04-21 16:35:16 | Deep Dive |
| CVE-2026-5652 | Authorization Bypass Through User-Controlled Key in Crafty Controller | Arcadia Technology, LLC | Crafty Controller | Critical | 9.0 | 2026-04-21 16:33:57 | Deep Dive |
| CVE-2026-40574 | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims | oauth2-proxy | oauth2-proxy | Medium | 6.8 | 2026-04-21 16:32:35 | Deep Dive |
| CVE-2026-6743 | WebSystems WebTOTUM Calendar cross site scripting | WebSystems | WebTOTUM | Low | 3.5 | 2026-04-21 16:30:14 | Deep Dive |
| CVE-2026-40279 | BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()` | bacnet-stack | bacnet-stack | Low | 3.7 | 2026-04-21 16:29:16 | Deep Dive |
| CVE-2026-40161 | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL | tektoncd | pipeline | High | 7.7 | 2026-04-21 16:26:27 | Deep Dive |
| CVE-2026-35451 | Twenty: Stored XSS via BlockNote FileBlock | twentyhq | twenty | Medium | 5.7 | 2026-04-21 16:22:30 | Deep Dive |
| CVE-2026-29179 | October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations | octobercms | october | Low | 3.3 | 2026-04-21 16:19:52 | Deep Dive |
| CVE-2026-24189 | NVIDIA CUDA-Q buffer error vulnerability | NVIDIA | CUDA-Q | High | 8.2 | 2026-04-21 16:17:54 | Deep Dive |
| CVE-2026-24177 | NVIDIA KAI Scheduler access control error vulnerability | NVIDIA | KAI Scheduler | High | 7.7 | 2026-04-21 16:17:26 | Deep Dive |