| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25883 | Vexa Webhook Feature has a SSRF Vulnerability | Vexa-ai | vexa | Medium | 5.8 | 2026-04-20 16:04:37 | Deep Dive |
| CVE-2026-25058 | Vexa's unauthenticated internal transcript endpoint exposed by default | Vexa-ai | vexa | High | 7.5 | 2026-04-20 16:03:07 | Deep Dive |
| CVE-2026-23774 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | Dell | PowerProtect Data Domain | High | 7.2 | 2026-04-20 15:58:47 | Deep Dive |
| CVE-2026-26944 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | Dell | PowerProtect Data Domain | High | 8.8 | 2026-04-20 15:51:30 | Deep Dive |
| CVE-2026-24468 | OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API | OpenAEV-Platform | openaev | Medium | 5.3 | 2026-04-20 15:45:49 | Deep Dive |
| CVE-2026-24467 | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise | OpenAEV-Platform | openaev | Critical | 9.0 | 2026-04-20 15:40:56 | Deep Dive |
| CVE-2026-6066 | Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center | ConnectWise | Automate | High | 7.1 | 2026-04-20 15:26:32 | Deep Dive |
| CVE-2026-41245 | Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix | junrar | junrar | Medium | 5.9 | 2026-04-20 15:15:25 | Deep Dive |
| CVE-2026-40896 | OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup | opf | openproject | Medium | 6.5 | 2026-04-20 15:12:52 | Deep Dive |
| CVE-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection | Pagekit | CMS | Medium | 4.7 | 2026-04-20 15:00:23 | Deep Dive |
| CVE-2026-3219 | pip doesn't reject concatenated ZIP and tar archives | Python Packaging Authority | pip | - | - | 2026-04-20 14:55:38 | Deep Dive |
| CVE-2026-39918 | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint | givanz | Vvveb | Critical | 9.8 | 2026-04-20 14:46:34 | Deep Dive |
| CVE-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross site scripting | erponline.xyz | ERP Online | Low | 2.4 | 2026-04-20 14:45:12 | Deep Dive |
| CVE-2026-6650 | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload | - | Z-BlogPHP | Medium | 4.7 | 2026-04-20 14:30:14 | Deep Dive |
| CVE-2026-34428 | Vvveb < 1.0.8.1 SSRF via oEmbedProxy | givanz | Vvveb | High | 7.7 | 2026-04-20 13:55:37 | Deep Dive |
| CVE-2026-34427 | Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save | givanz | Vvveb | High | 8.8 | 2026-04-20 13:55:15 | Deep Dive |
| CVE-2026-34429 | Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename | givanz | Vvveb | Medium | 5.4 | 2026-04-20 13:54:37 | Deep Dive |
| CVE-2026-5760 | CVE-2026-5760 | SGLang | SGLang | - | - | 2026-04-20 13:46:24 | Deep Dive |
| CVE-2026-6369 | Exposed Session Token in canonical-livepatch client snap | Canonical | canonical-livepatch | - | - | 2026-04-20 13:38:14 | Deep Dive |
| CVE-2026-4048 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Progress Software | LoadMaster | High | 8.4 | 2026-04-20 13:36:49 | Deep Dive |