| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23751 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting | Tungsten Automation | Kofax Capture | Critical | 9.8 | 2026-04-23 14:46:13 | Deep Dive |
| CVE-2026-6284 | Horner Automation Cscape and XL4, XL7 PLC Weak password requirements | Horner Automation | Cscape | Critical | 9.1 | 2026-04-17 15:14:06 | Deep Dive |
| CVE-2026-6494 | Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input | Red Hat | Red Hat Ansible Automation Platform 2 | Medium | 5.3 | 2026-04-17 08:18:51 | Deep Dive |
| CVE-2026-3614 | AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | acyba | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | High | 8.8 | 2026-04-16 05:29:54 | Deep Dive |
| CVE-2026-39699 | WordPress AI Workflow Automation plugin <= 1.4.2 - Broken Access Control vulnerability | massiveshift | AI Workflow Automation | - | - | 2026-04-08 08:30:47 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call | CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | Critical | 9.8 | 2026-03-20 03:37:02 | Deep Dive |
| CVE-2025-13913 | Inductive Automation Ignition Software Deserialization of Untrusted Data | Inductive Automation | Ignition Software | Medium | 6.3 | 2026-03-12 18:17:23 | Deep Dive |
| CVE-2026-2273 | Schneider Electric EcoStruxure Automation Expert Code Injection Vulnerability | Schneider Electric | EcoStruxure™ Automation Expert | - | - | 2026-03-10 17:18:39 | Deep Dive |
| CVE-2026-26141 | Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability | Microsoft | Azure Automation Hybrid Worker Windows Extension | High | 7.8 | 2026-03-10 17:05:23 | Deep Dive |
| CVE-2026-3843 | SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution | Nefteprodukttekhnika LLC | BUK TS-G Gas Station Automation System | Critical | 9.8 | 2026-03-10 11:07:07 | Deep Dive |
| CVE-2026-2269 | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload | uncannyowl | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | High | 7.2 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2025-9909 | Aap-gateway: improper path validation in gateway allows credential exfiltration | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:30:01 | Deep Dive |
| CVE-2025-9908 | Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:29:32 | Deep Dive |
| CVE-2025-9907 | Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:29:06 | Deep Dive |
| CVE-2025-14339 | weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion | wedevs | weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | Medium | 6.5 | 2026-02-21 09:28:00 | Deep Dive |
| CVE-2025-7630 | OTP Password Brute Forcing in DorukNet's Wispotter | Doruk Communication and Automation Industry and Trade Inc. | Wispotter | Medium | 5.3 | 2026-02-18 12:09:07 | Deep Dive |