| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31678 | openvswitch: defer tunnel netdev_put to RCU release | Linux | Linux | - | - | 2026-04-25 08:46:54 | Deep Dive |
| CVE-2026-31677 | crypto: af_alg - limit RX SG extraction by receive buffer budget | Linux | Linux | - | - | 2026-04-25 08:46:53 | Deep Dive |
| CVE-2026-31676 | rxrpc: only handle RESPONSE during service challenge | Linux | Linux | - | - | 2026-04-25 08:46:52 | Deep Dive |
| CVE-2026-31675 | net/sched: sch_netem: fix out-of-bounds access in packet corruption | Linux | Linux | - | - | 2026-04-25 08:46:51 | Deep Dive |
| CVE-2026-31674 | netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() | Linux | Linux | - | - | 2026-04-25 08:46:50 | Deep Dive |
| CVE-2026-31673 | af_unix: read UNIX_DIAG_VFS data under unix_state_lock | Linux | Linux | - | - | 2026-04-25 08:46:49 | Deep Dive |
| CVE-2026-6951 | simple-git<3.36.0 RCE漏洞因--config未修复 | - | simple-git | Critical | 9.8 | 2026-04-25 05:00:05 | Deep Dive |
| CVE-2026-42171 | NSIS <3.12低IL目录权限提升漏洞 | Nullsoft | Nullsoft Scriptable Install System | High | 7.8 | 2026-04-24 21:20:36 | Deep Dive |
| CVE-2026-41248 | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | clerk | astro | Critical | 9.1 | 2026-04-24 21:04:36 | Deep Dive |
| CVE-2026-41488 | angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding | langchain-ai | langchain-openai | Low | 3.1 | 2026-04-24 20:57:26 | Deep Dive |
| CVE-2026-41481 | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | langchain-ai | langchain-text-splitters | Medium | 6.5 | 2026-04-24 20:54:28 | Deep Dive |
| CVE-2026-41478 | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) | saltcorn | saltcorn | Critical | 9.9 | 2026-04-24 20:52:31 | Deep Dive |
| CVE-2026-41473 | CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints | usmannasir | cyberpanel | - | - | 2026-04-24 20:40:36 | Deep Dive |
| CVE-2026-41472 | CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard | usmannasir | cyberpanel | - | - | 2026-04-24 20:40:12 | Deep Dive |
| CVE-2026-41477 | Deskflow: Local privilege escalation via unauthenticated IPC | deskflow | deskflow | High | 7.8 | 2026-04-24 19:50:22 | Deep Dive |
| CVE-2026-41476 | Deskflow: clipboard deserialization global-buffer-overflow | deskflow | deskflow | - | - | 2026-04-24 19:47:45 | Deep Dive |
| CVE-2026-6968 | Multiple Path Traversal Variants in awslabs/tough | AWS | tough | Medium | 5.9 | 2026-04-24 19:44:45 | Deep Dive |
| CVE-2026-41503 | BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser | bacnet-stack | bacnet-stack | - | - | 2026-04-24 19:41:44 | Deep Dive |
| CVE-2026-6967 | Missing Delegated Metadata Validation in awslabs/tough | AWS | tough | Medium | 5.9 | 2026-04-24 19:41:43 | Deep Dive |
| CVE-2026-41502 | BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder | bacnet-stack | bacnet-stack | - | - | 2026-04-24 19:40:43 | Deep Dive |