| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3519 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Progress Software | LoadMaster | High | 8.4 | 2026-04-20 13:32:50 | Deep Dive |
| CVE-2026-6649 | Qibo CMS headers server-side request forgery | Qibo | CMS | Medium | 6.3 | 2026-04-20 13:30:41 | Deep Dive |
| CVE-2026-3518 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Progress Software | LoadMaster | High | 8.4 | 2026-04-20 13:29:34 | Deep Dive |
| CVE-2026-33557 | Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication | Apache Software Foundation | Apache Kafka | - | - | 2026-04-20 13:28:44 | Deep Dive |
| CVE-2025-66335 | Apache Doris MCP Server: MCP SQL inject | Apache Software Foundation | Apache Doris MCP Server | - | - | 2026-04-20 13:27:28 | Deep Dive |
| CVE-2026-3517 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Progress Software | LoadMaster | High | 8.4 | 2026-04-20 13:22:55 | Deep Dive |
| CVE-2026-33558 | Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output | Apache Software Foundation | Apache Kafka | - | - | 2026-04-20 13:20:38 | Deep Dive |
| CVE-2026-6648 | Qibo CMS Internal Message cross site scripting | Qibo | CMS | Low | 3.5 | 2026-04-20 13:00:45 | Deep Dive |
| CVE-2026-6636 | p2r3 convert API buildCache.js Bun.serve path traversal | p2r3 | convert | Medium | 4.3 | 2026-04-20 12:00:17 | Deep Dive |
| CVE-2026-5958 | Race Condition in GNU Sed | GNU | Sed | - | - | 2026-04-20 11:59:32 | Deep Dive |
| CVE-2026-6635 | rowboatlabs rowboat tools_webhook app.py tool_call improper authentication | rowboatlabs | rowboat | High | 7.3 | 2026-04-20 11:45:13 | Deep Dive |
| CVE-2026-6634 | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization | usememos | memos | Medium | 6.3 | 2026-04-20 11:30:14 | Deep Dive |
| CVE-2026-6633 | Yifang CMS Extended Management L_rbac_admin.php store cross site scripting | Yifang | CMS | Low | 3.5 | 2026-04-20 11:15:11 | Deep Dive |
| CVE-2026-6632 | Tenda F451 httpd SafeClientFilter fromSafeClientFilter buffer overflow | Tenda | F451 | High | 8.8 | 2026-04-20 11:00:20 | Deep Dive |
| CVE-2026-6631 | Tenda F451 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow | Tenda | F451 | High | 8.8 | 2026-04-20 10:45:13 | Deep Dive |
| CVE-2026-6630 | Tenda F451 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow | Tenda | F451 | High | 8.8 | 2026-04-20 10:30:15 | Deep Dive |
| CVE-2026-6629 | Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection | Metasoft 美特软件 | MetaCRM | High | 7.3 | 2026-04-20 10:15:20 | Deep Dive |
| CVE-2026-6654 | Use-After-Free and Double-Free in IntoIter::drop when element drop panics | Mozilla | thin-vec | - | - | 2026-04-20 10:05:52 | Deep Dive |
| CVE-2026-6628 | phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection | phili67 | Ecclesia CRM | Medium | 6.3 | 2026-04-20 10:00:17 | Deep Dive |
| CVE-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection | Cockpit-HQ | Cockpit | Medium | 6.3 | 2026-04-20 09:45:12 | Deep Dive |