| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40589 | FreeScout has Customer Edit Cross-Mailbox Email Takeover | freescout-help-desk | freescout | High | 7.6 | 2026-04-21 16:50:22 | Deep Dive |
| CVE-2026-40050 | CrowdStrike LogScale Unauthenticated Path Traversal | CrowdStrike | LogScale Self-Hosted | Critical | 9.8 | 2026-04-21 16:48:25 | Deep Dive |
| CVE-2026-40570 | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII | freescout-help-desk | freescout | - | - | 2026-04-21 16:48:08 | Deep Dive |
| CVE-2026-40569 | FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration | freescout-help-desk | freescout | Critical | 9.0 | 2026-04-21 16:46:16 | Deep Dive |
| CVE-2026-40576 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server | haris-musa | excel-mcp-server | Critical | 9.4 | 2026-04-21 16:35:16 | Deep Dive |
| CVE-2026-5652 | Authorization Bypass Through User-Controlled Key in Crafty Controller | Arcadia Technology, LLC | Crafty Controller | Critical | 9.0 | 2026-04-21 16:33:57 | Deep Dive |
| CVE-2026-40574 | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims | oauth2-proxy | oauth2-proxy | Medium | 6.8 | 2026-04-21 16:32:35 | Deep Dive |
| CVE-2026-6743 | WebSystems WebTOTUM Calendar cross site scripting | WebSystems | WebTOTUM | Low | 3.5 | 2026-04-21 16:30:14 | Deep Dive |
| CVE-2026-40279 | BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()` | bacnet-stack | bacnet-stack | Low | 3.7 | 2026-04-21 16:29:16 | Deep Dive |
| CVE-2026-40161 | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL | tektoncd | pipeline | High | 7.7 | 2026-04-21 16:26:27 | Deep Dive |
| CVE-2026-35451 | Twenty: Stored XSS via BlockNote FileBlock | twentyhq | twenty | Medium | 5.7 | 2026-04-21 16:22:30 | Deep Dive |
| CVE-2026-29179 | October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations | octobercms | october | Low | 3.3 | 2026-04-21 16:19:52 | Deep Dive |
| CVE-2026-24189 | NVIDIA CUDA-Q Buffer Error Vulnerability | NVIDIA | CUDA-Q | High | 8.2 | 2026-04-21 16:17:54 | Deep Dive |
| CVE-2026-24177 | NVIDIA KAI Scheduler Access Control Error Vulnerability | NVIDIA | KAI Scheduler | High | 7.7 | 2026-04-21 16:17:26 | Deep Dive |
| CVE-2026-27937 | October: Reflected XSS via DataTable Form Widget | octobercms | october | Low | 3.1 | 2026-04-21 16:17:07 | Deep Dive |
| CVE-2026-24176 | NVIDIA KAI Scheduler Security Vulnerability | NVIDIA | KAI Scheduler | Medium | 4.3 | 2026-04-21 16:17:01 | Deep Dive |
| CVE-2026-26274 | October: Safe Mode Bypass via Twig Database Write Operations | octobercms | october | Medium | 6.6 | 2026-04-21 16:16:06 | Deep Dive |
| CVE-2026-26067 | October: Safe Mode Bypass via CSS Preprocessor Compilers | octobercms | october | Medium | 4.9 | 2026-04-21 16:16:03 | Deep Dive |
| CVE-2019-25714 | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet | Seeyon Internet Software | A8-V5 Collaborative Management Software | - | - | 2026-04-21 16:11:55 | Deep Dive |
| CVE-2026-40568 | FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization | freescout-help-desk | freescout | High | 8.5 | 2026-04-21 16:08:37 | Deep Dive |