| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing | IBM | WebSphere Application Server - Liberty | High | 7.5 | 2026-04-22 23:07:32 | Deep Dive |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 | Deep Dive |
| CVE-2026-35243 | Oracle Application Development Framework security vulnerability | Oracle Corporation | Oracle Application Development Framework (ADF) | High | 7.8 | 2026-04-21 20:35:50 | Deep Dive |
| CVE-2026-34257 | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP | SAP_SE | SAP NetWeaver Application Server ABAP | Medium | 6.1 | 2026-04-14 00:08:40 | Deep Dive |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) | SAP_SE | SAP NetWeaver Application Server Java (Web Dynpro Java) | Medium | 6.1 | 2026-04-14 00:06:50 | Deep Dive |
| CVE-2026-27672 | Missing Authorization check in Material Master Application | SAP_SE | Material Master Application | Medium | 4.3 | 2026-04-14 00:06:28 | Deep Dive |
| CVE-2026-5650 | code-projects Online Application System for Admission oas.sql sensitive information | code-projects | Online Application System for Admission | Medium | 5.3 | 2026-04-06 11:30:13 | Deep Dive |
| CVE-2026-5649 | code-projects Online Application System for Admission Endpoint admsnform.php sql injection | code-projects | Online Application System for Admission | Medium | 6.3 | 2026-04-06 11:15:11 | Deep Dive |
| CVE-2025-10681 | Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials | Gardyn | Mobile Application | High | 8.6 | 2026-04-03 20:26:13 | Deep Dive |
| CVE-2026-5326 | SourceCodester Leave Application System User Information index.php authorization | SourceCodester | Leave Application System | Medium | 5.3 | 2026-04-02 10:45:11 | Deep Dive |
| CVE-2026-4820 | IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag | IBM | Maximo Application Suite | Medium | 4.3 | 2026-04-01 20:54:09 | Deep Dive |
| CVE-2026-5210 | SourceCodester Leave Application System file inclusion | SourceCodester | Leave Application System | High | 7.3 | 2026-03-31 18:30:15 | Deep Dive |
| CVE-2026-5209 | SourceCodester Leave Application System User Management cross site scripting | SourceCodester | Leave Application System | Low | 2.4 | 2026-03-31 18:30:12 | Deep Dive |
| CVE-2026-4317 | SQL injection in Umami Software application | Umami Software application | Umami Software | - | - | 2026-03-31 09:53:26 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3121 | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 6.5 | 2026-03-26 19:13:26 | Deep Dive |
| CVE-2026-4874 | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | Red Hat | Red Hat Build of Keycloak | Low | 3.1 | 2026-03-26 07:12:38 | Deep Dive |
| CVE-2025-14684 | IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to . | IBM | Maximo Application Suite - Monitor Component | Medium | 4.0 | 2026-03-25 21:22:45 | Deep Dive |