| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40567 | FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables | freescout-help-desk | freescout | Medium | 5.8 | 2026-04-21 16:06:40 | Deep Dive |
| CVE-2026-25542 | Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching | tektoncd | pipeline | Medium | 6.5 | 2026-04-21 16:05:43 | Deep Dive |
| CVE-2026-40566 | FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints | freescout-help-desk | freescout | Medium | 4.1 | 2026-04-21 16:04:36 | Deep Dive |
| CVE-2026-40565 | FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href | freescout-help-desk | freescout | Medium | 6.1 | 2026-04-21 15:52:39 | Deep Dive |
| CVE-2025-15638 | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt | ATRODO | Net::Dropbear | - | - | 2026-04-21 15:34:19 | Deep Dive |
| CVE-2017-20230 | Storable versions before 3.05 for Perl have a stack overflow | NWCLARK | Storable | - | - | 2026-04-21 15:26:18 | Deep Dive |
| CVE-2025-41011 | HTML injection in PHP Point Of Sale | PHP Point Of Sale | PHP Point Of Sale | - | - | 2026-04-21 15:15:32 | Deep Dive |
| CVE-2026-40498 | FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron | freescout-help-desk | freescout | - | - | 2026-04-21 15:01:20 | Deep Dive |
| CVE-2025-41029 | SQL injection in Zeon Academy Pro by Zeon Global Tech | Zeon Global Tech | Zeon Academy Pro | - | - | 2026-04-21 14:59:40 | Deep Dive |
| CVE-2026-3298 | Out-of-bounds write in Windows asyncio.ProactorEventLoop.sock_recvfrom_into() when using nbytes | Python Software Foundation | CPython | - | - | 2026-04-21 14:45:02 | Deep Dive |
| CVE-2025-10354 | Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki | Semantic MediaWiki | Semantic MediaWiki | - | - | 2026-04-21 14:42:38 | Deep Dive |
| CVE-2025-31981 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption | HCLSoftware | BigFix Service Management (SM) | Medium | 5.3 | 2026-04-21 14:26:39 | Deep Dive |
| CVE-2026-5789 | Search path without quotes in CivetWeb | CivetWeb | CivetWeb | - | - | 2026-04-21 14:22:06 | Deep Dive |
| CVE-2026-1089 | User-Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups | Fortra | GoAnywhere MFT | Medium | 6.5 | 2026-04-21 14:14:58 | Deep Dive |
| CVE-2026-0972 | HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT | Fortra | GoAnywhere MFT | Medium | 5.4 | 2026-04-21 14:14:38 | Deep Dive |
| CVE-2026-0971 | GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout | Fortra | GoAnywhere MFT | Medium | 4.3 | 2026-04-21 14:14:23 | Deep Dive |
| CVE-2025-14362 | GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances | Fortra | GoAnywhere MFT | High | 7.3 | 2026-04-21 14:14:08 | Deep Dive |
| CVE-2025-1241 | Encryption vulnerable to brute-force decryption in GoAnywhere MFT | Fortra | GoAnywhere MFT | Medium | 5.8 | 2026-04-21 14:10:10 | Deep Dive |
| CVE-2025-31958 | HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling | HCLSoftware | BigFix Service Management (SM) | Low | 3.7 | 2026-04-21 13:59:15 | Deep Dive |
| CVE-2026-6786 | Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 | Mozilla | Firefox | - | - | 2026-04-21 12:41:15 | Deep Dive |