| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS | gitroomhq | postiz-app | High | 8.9 | 2026-04-18 01:19:07 | Deep Dive |
| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication | ukrsolution | Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | Critical | 9.8 | 2026-04-15 23:25:50 | Deep Dive |
| CVE-2026-40096 | immich: Open Redirect via Shared Album name | immich-app | immich | Medium | - | 2026-04-14 23:54:18 | Deep Dive |
| CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Microsoft | Remote Desktop client for Windows Desktop | High | 8.8 | 2026-04-14 16:57:26 | Deep Dive |
| CVE-2026-40168 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream | gitroomhq | postiz-app | High | 8.2 | 2026-04-10 19:20:16 | Deep Dive |
| CVE-2026-35455 | immich has Stored XSS via OCR Text in 360° Panorama Viewer | immich-app | immich | High | 7.3 | 2026-04-08 18:31:27 | Deep Dive |
| CVE-2026-5682 | Meesho Online Shopping App com.meesho.supply endpoint risky encryption | Meesho | Online Shopping App | Low | 3.7 | 2026-04-06 19:45:15 | Deep Dive |
| CVE-2026-25118 | immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums | immich-app | immich | - | - | 2026-04-03 15:51:07 | Deep Dive |
| CVE-2026-5471 | Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key | Investory | Toy Planet Trouble App | Low | 3.3 | 2026-04-03 15:45:10 | Deep Dive |
| CVE-2026-5462 | Wahoo Fitness SYSTM App com.WahooFitness.SYSTM BuildConfig.java hard-coded key | Wahoo Fitness | SYSTM App | Low | 3.3 | 2026-04-03 07:15:11 | Deep Dive |
| CVE-2026-5458 | Noelse Individuals & Pro App com.afone.noelse BuildConfig.java hard-coded key | Noelse | Individuals & Pro App | Low | 3.3 | 2026-04-03 07:00:16 | Deep Dive |
| CVE-2026-5457 | PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key | PropertyGuru | AgentNet Singapore App | Low | 3.3 | 2026-04-03 06:30:14 | Deep Dive |
| CVE-2026-5456 | Align Technology My Invisalign App com.aligntech.myinvisalign.emea BuildConfig.java hard-coded key | Align Technology | My Invisalign App | Low | 3.3 | 2026-04-03 06:15:12 | Deep Dive |
| CVE-2026-5455 | Dialogue App ca.diagram.dialogue config.json hard-coded key | - | Dialogue App | Low | 3.3 | 2026-04-03 06:00:20 | Deep Dive |
| CVE-2026-5454 | GRID Organiser App co.gridapp.organiser app.json hard-coded key | GRID | Organiser App | Low | 3.3 | 2026-04-03 04:45:10 | Deep Dive |
| CVE-2026-5453 | Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key | Rico | só vantagem pra investir App | Low | 3.3 | 2026-04-03 04:30:12 | Deep Dive |
| CVE-2026-5452 | UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key | UCC | CampusConnect App | Low | 3.3 | 2026-04-03 02:45:10 | Deep Dive |
| CVE-2026-5420 | Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key | Shinrays Games | Goods Triple App | Low | 2.5 | 2026-04-02 19:00:17 | Deep Dive |
| CVE-2026-34590 | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation | gitroomhq | postiz-app | Medium | 5.4 | 2026-04-02 17:26:59 | Deep Dive |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | gitroomhq | postiz-app | High | 8.6 | 2026-04-02 17:24:34 | Deep Dive |