| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6257 | Vvveb CMS v1.0.8 Remote Code Execution via Media Management | Vvveb | Vvveb CMS | Critical | 9.1 | 2026-04-20 19:09:46 | Deep Dive |
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | tomdever | wpForo Forum | High | 8.1 | 2026-04-20 18:31:33 | Deep Dive |
| CVE-2026-6060 | Possible DoS via SQL Box | OTRS AG | OTRS | Medium | 4.5 | 2026-04-20 18:20:02 | Deep Dive |
| CVE-2026-41389 | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths | OpenClaw | OpenClaw | Medium | 5.8 | 2026-04-20 17:48:44 | Deep Dive |
| CVE-2026-23753 | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter | GFI Software | HelpDesk | Medium | 4.8 | 2026-04-20 17:33:59 | Deep Dive |
| CVE-2026-23752 | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter | GFI Software | HelpDesk | Medium | 4.8 | 2026-04-20 17:33:23 | Deep Dive |
| CVE-2026-23756 | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject | GFI Software | HelpDesk | Medium | 5.4 | 2026-04-20 17:30:51 | Deep Dive |
| CVE-2026-23758 | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter | GFI Software | HelpDesk | - | - | 2026-04-20 17:30:07 | Deep Dive |
| CVE-2026-23757 | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module | GFI Software | HelpDesk | Medium | 5.4 | 2026-04-20 17:27:56 | Deep Dive |
| CVE-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy | ericc-ch | copilot-api | High | 7.3 | 2026-04-20 17:00:18 | Deep Dive |
| CVE-2026-35154 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain appliances | Medium | 6.3 | 2026-04-20 16:50:57 | Deep Dive |
| CVE-2026-26951 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain | Medium | 6.7 | 2026-04-20 16:44:50 | Deep Dive |
| CVE-2026-22761 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain | Medium | 6.7 | 2026-04-20 16:39:40 | Deep Dive |
| CVE-2026-26942 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain | Medium | 6.7 | 2026-04-20 16:34:43 | Deep Dive |
| CVE-2026-26943 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain | High | 7.2 | 2026-04-20 16:28:53 | Deep Dive |
| CVE-2026-28684 | python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback | theskumar | python-dotenv | Medium | 6.6 | 2026-04-20 16:25:12 | Deep Dive |
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | OpenMage | magento-lts | - | - | 2026-04-20 16:23:07 | Deep Dive |
| CVE-2026-24506 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability | Dell | PowerProtect Data Domain | High | 7.2 | 2026-04-20 16:22:38 | Deep Dive |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | OpenMage | magento-lts | - | - | 2026-04-20 16:19:55 | Deep Dive |
| CVE-2026-41445 | KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc() | mborgerding | kissfft | High | 8.8 | 2026-04-20 16:18:50 | Deep Dive |