| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34082 | Dify has IDOR in deleting someone else's chat conversation | langgenius | dify | - | - | 2026-04-20 23:03:18 | Deep Dive |
| CVE-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | Medium | 4.7 | 2026-04-20 22:25:27 | Deep Dive |
| CVE-2026-6729 | HKUDS OpenHarness Session Key Collision Privilege Escalation | HKUDS | OpenHarness | Medium | 6.3 | 2026-04-20 22:01:39 | Deep Dive |
| CVE-2026-0930 | Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize | wolfSSL | wolfSSH | - | - | 2026-04-20 21:28:33 | Deep Dive |
| CVE-2026-22051 | NetApp StorageGRID Security Vulnerability | NETAPP | StorageGRID (formerly StorageGRID Webscale) | - | - | 2026-04-20 21:27:37 | Deep Dive |
| CVE-2026-5450 | scanf %mc off-by-one heap buffer overflow | The GNU C Library | glibc | - | - | 2026-04-20 20:55:41 | Deep Dive |
| CVE-2026-5928 | Static buffer overflow in deprecated nis_local_principal | The GNU C Library | glibc | - | - | 2026-04-20 20:37:32 | Deep Dive |
| CVE-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading | InternLM | lmdeploy | High | 7.5 | 2026-04-20 20:29:20 | Deep Dive |
| CVE-2026-4852 | Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field | webzunft | Image Source Control Lite – Show Image Credits and Captions | Medium | 6.4 | 2026-04-20 20:26:53 | Deep Dive |
| CVE-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass | roxy-wi | roxy-wi | - | - | 2026-04-20 20:26:52 | Deep Dive |
| CVE-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer | roxy-wi | roxy-wi | - | - | 2026-04-20 20:24:15 | Deep Dive |
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | 0xJacky | nginx-ui | - | - | 2026-04-20 20:16:48 | Deep Dive |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | 0xJacky | nginx-ui | - | - | 2026-04-20 20:12:08 | Deep Dive |
| CVE-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling | spinnaker | spinnaker | Critical | 9.9 | 2026-04-20 20:07:25 | Deep Dive |
| CVE-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths | spinnaker | spinnaker | Critical | 9.9 | 2026-04-20 20:00:58 | Deep Dive |
| CVE-2026-6249 | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload | Vvveb | Vvveb CMS | High | 8.8 | 2026-04-20 19:57:38 | Deep Dive |
| CVE-2026-32311 | Command Injection and Docker container escape allows root on host machine | reconurge | flowsint | - | - | 2026-04-20 19:56:33 | Deep Dive |
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 8.1 | 2026-04-20 19:27:08 | Deep Dive |
| CVE-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing | nanomq | nanomq | - | - | 2026-04-20 19:23:10 | Deep Dive |
| CVE-2026-6550 | Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | AWS | AWS Encryption SDK for Python | Medium | 4.7 | 2026-04-20 19:20:23 | Deep Dive |