| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6043 | Insecure Default Configuration in P4 Server | Perforce | Helix Core Server (P4D) | - | - | 2026-04-24 11:02:51 | Deep Dive |
| CVE-2026-41213 | @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes | node-oauth | node-oauth2-server | Medium | 5.9 | 2026-04-23 18:33:42 | Deep Dive |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass | paperclipai | paperclip | Critical | 10.0 | 2026-04-23 00:53:16 | Deep Dive |
| CVE-2026-41208 | Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution | paperclipai | @paperclipai/server | High | 8.8 | 2026-04-23 00:47:46 | Deep Dive |
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing | IBM | WebSphere Application Server - Liberty | High | 7.5 | 2026-04-22 23:07:32 | Deep Dive |
| CVE-2026-6408 | Tanium addressed an information disclosure vulnerability in Tanium Server. | Tanium | Tanium Server | Low | 2.7 | 2026-04-22 01:46:41 | Deep Dive |
| CVE-2026-41458 | OwnTone Server < 29.1 Race Condition DoS via DAAP Login | owntone | owntone-server | - | - | 2026-04-22 01:46:28 | Deep Dive |
| CVE-2026-41457 | OwnTone Server < 29.1 SQL Injection via query and filter Parameters | owntone | owntone-server | - | - | 2026-04-22 01:46:12 | Deep Dive |
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-04-21 22:42:13 | Deep Dive |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | GitHub | Enterprise Server | - | - | 2026-04-21 22:23:25 | Deep Dive |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:58 | Deep Dive |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:45 | Deep Dive |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:27 | Deep Dive |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | GitHub | Enterprise Server | - | - | 2026-04-21 22:11:02 | Deep Dive |
| CVE-2026-40942 | DSF: Inverted Time Comparison in OIDC JWKS and Token Cache | datasharingframework | dsf | - | - | 2026-04-21 21:09:45 | Deep Dive |
| CVE-2026-40939 | DSF: Missing Session Timeout for OIDC Sessions | datasharingframework | dsf | - | - | 2026-04-21 21:07:11 | Deep Dive |
| CVE-2026-35240 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:49 | Deep Dive |
| CVE-2026-35238 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:48 | Deep Dive |
| CVE-2026-35239 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:48 | Deep Dive |
| CVE-2026-35237 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:47 | Deep Dive |