| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6574 | osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials | osuuu | LightPicture | High | 7.3 | 2026-04-19 13:30:17 | Deep Dive |
| CVE-2026-6573 | PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery | - | PHPEMS | Medium | 6.3 | 2026-04-19 12:45:15 | Deep Dive |
| CVE-2026-6572 | Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization | Collabora | KodExplorer | Medium | 5.6 | 2026-04-19 12:15:14 | Deep Dive |
| CVE-2026-6571 | kodcloud KodExplorer systemRole.class.php roleGroupAction authorization | kodcloud | KodExplorer | Medium | 6.3 | 2026-04-19 12:00:18 | Deep Dive |
| CVE-2026-6570 | kodcloud KodExplorer systemMember.class.php initInstall authorization | kodcloud | KodExplorer | Low | 2.7 | 2026-04-19 11:00:18 | Deep Dive |
| CVE-2026-6569 | kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication | kodcloud | KodExplorer | High | 7.3 | 2026-04-19 10:15:11 | Deep Dive |
| CVE-2026-6568 | kodcloud KodExplorer Public Share share.class.php initShareOld path traversal | kodcloud | KodExplorer | High | 7.3 | 2026-04-19 09:45:11 | Deep Dive |
| CVE-2026-6564 | EMQ EMQX Enterprise Session Handling improper authorization | EMQ | EMQX Enterprise | Medium | 4.3 | 2026-04-19 09:30:15 | Deep Dive |
| CVE-2026-6563 | H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow | H3C | Magic B1 | High | 8.8 | 2026-04-19 08:30:14 | Deep Dive |
| CVE-2026-6562 | dameng100 muucmf index.html getListByPage sql injection | dameng100 | muucmf | High | 7.3 | 2026-04-19 08:15:12 | Deep Dive |
| CVE-2026-6561 | EyouCMS Index.php edit_adminlogo unrestricted upload | - | EyouCMS | Medium | 4.7 | 2026-04-19 07:15:11 | Deep Dive |
| CVE-2026-6560 | H3C Magic B0 aspForm Edit_BasicSSID buffer overflow | H3C | Magic B0 | High | 8.8 | 2026-04-19 06:45:15 | Deep Dive |
| CVE-2026-6559 | Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting | Wavlink | WL-WN579A3 | Medium | 4.3 | 2026-04-19 05:15:16 | Deep Dive |
| CVE-2026-0868 | EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode | turn2honey | EMC – Easily Embed Calendly Scheduling | Medium | 6.4 | 2026-04-19 03:26:15 | Deep Dive |
| CVE-2026-41242 | protobufjs has an arbitrary code execution issue | protobufjs | protobuf.js | - | - | 2026-04-18 16:18:11 | Deep Dive |
| CVE-2026-40948 | Apache Airflow Providers Keycloak: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager | Apache Software Foundation | Apache Airflow Providers Keycloak | - | - | 2026-04-18 13:22:42 | Deep Dive |
| CVE-2026-2986 | Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes' | ajay | Contextual Related Posts | Medium | 6.4 | 2026-04-18 11:16:11 | Deep Dive |
| CVE-2026-2505 | Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'z_taxonomy_image' Shortcode | elzahlan | Categories Images | Medium | 5.4 | 2026-04-18 09:26:53 | Deep Dive |
| CVE-2026-0894 | Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2026-04-18 09:26:52 | Deep Dive |
| CVE-2026-41254 | Little CMS 安全漏洞 | littlecms | little cms color engine | Medium | 4.0 | 2026-04-18 06:43:14 | Deep Dive |