| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22051 | NetApp StorageGRID Security Vulnerability | NETAPP | StorageGRID (formerly StorageGRID Webscale) | - | - | 2026-04-20 21:27:37 | Deep Dive |
| CVE-2026-5450 | scanf %mc off-by-one heap buffer overflow | The GNU C Library | glibc | - | - | 2026-04-20 20:55:41 | Deep Dive |
| CVE-2026-5928 | Static buffer overflow in deprecated nis_local_principal | The GNU C Library | glibc | - | - | 2026-04-20 20:37:32 | Deep Dive |
| CVE-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading | InternLM | lmdeploy | High | 7.5 | 2026-04-20 20:29:20 | Deep Dive |
| CVE-2026-4852 | Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field | webzunft | Image Source Control Lite – Show Image Credits and Captions | Medium | 6.4 | 2026-04-20 20:26:53 | Deep Dive |
| CVE-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass | roxy-wi | roxy-wi | - | - | 2026-04-20 20:26:52 | Deep Dive |
| CVE-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer | roxy-wi | roxy-wi | - | - | 2026-04-20 20:24:15 | Deep Dive |
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | 0xJacky | nginx-ui | - | - | 2026-04-20 20:16:48 | Deep Dive |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | 0xJacky | nginx-ui | - | - | 2026-04-20 20:12:08 | Deep Dive |
| CVE-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling | spinnaker | spinnaker | Critical | 9.9 | 2026-04-20 20:07:25 | Deep Dive |
| CVE-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths | spinnaker | spinnaker | Critical | 9.9 | 2026-04-20 20:00:58 | Deep Dive |
| CVE-2026-6249 | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload | Vvveb | Vvveb CMS | High | 8.8 | 2026-04-20 19:57:38 | Deep Dive |
| CVE-2026-32311 | Command Injection and Docker container escape allows root on host machine | reconurge | flowsint | - | - | 2026-04-20 19:56:33 | Deep Dive |
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 8.1 | 2026-04-20 19:27:08 | Deep Dive |
| CVE-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing | nanomq | nanomq | - | - | 2026-04-20 19:23:10 | Deep Dive |
| CVE-2026-6550 | Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | AWS | AWS Encryption SDK for Python | Medium | 4.7 | 2026-04-20 19:20:23 | Deep Dive |
| CVE-2026-6257 | Vvveb CMS v1.0.8 Remote Code Execution via Media Management | Vvveb | Vvveb CMS | Critical | 9.1 | 2026-04-20 19:09:46 | Deep Dive |
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | tomdever | wpForo Forum | High | 8.1 | 2026-04-20 18:31:33 | Deep Dive |
| CVE-2026-6060 | Possible DoS via SQL Box | OTRS AG | OTRS | Medium | 4.5 | 2026-04-20 18:20:02 | Deep Dive |
| CVE-2026-41389 | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths | OpenClaw | OpenClaw | Medium | 5.8 | 2026-04-20 17:48:44 | Deep Dive |