| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:24 |
| CVE-2025-13826 | Incorrect input validation on the Zervit portable HTTP/Web server | Zervit | portable HTTP/Web server | - | - | 2026-04-21 08:19:58 |
| CVE-2026-40258 | Gramps Web API has Zip Slip Path Traversal in Media Archive Import | gramps-project | gramps-web-api | Critical | 9.1 | 2026-04-17 21:12:54 |
| CVE-2026-3155 | OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' | onesignal | OneSignal – Web Push Notifications | Low | 3.1 | 2026-04-16 11:21:22 |
| CVE-2026-20152 | Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability | Cisco | Cisco Secure Web Appliance | Medium | 5.3 | 2026-04-15 16:03:44 |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) | SAP_SE | SAP NetWeaver Application Server Java (Web Dynpro Java) | Medium | 6.1 | 2026-04-14 00:06:50 |
| CVE-2026-6105 | perfree go-fastdfs-web doInstall InstallController.java improper authorization | perfree | go-fastdfs-web | High | 7.3 | 2026-04-11 22:00:25 |
| CVE-2026-39650 | WordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerability | Unitech Web | UnitechPay | - | - | 2026-04-08 08:30:34 |
| CVE-2026-39569 | WordPress 12 Step Meeting List plugin <= 3.19.9 - Broken Access Control vulnerability | AA Web Servant | 12 Step Meeting List | - | - | 2026-04-08 08:30:20 |
| CVE-2026-39570 | WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability | AA Web Servant | 12 Step Meeting List | - | - | 2026-04-08 08:30:20 |
| CVE-2026-3535 | DSGVO Google Web Fonts GDPR <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter | mlfactory | DSGVO Google Web Fonts GDPR | Critical | 9.8 | 2026-04-08 06:43:39 |
| CVE-2026-5082 | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id | TOKUHIROM | Amon2::Plugin::Web::CSRFDefender | - | - | 2026-04-08 05:48:44 |
| CVE-2026-33227 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory | Apache Software Foundation | Apache ActiveMQ Client | - | - | 2026-04-07 07:50:59 |
| CVE-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js | pi-hole | web | Low | 3.1 | 2026-04-06 15:23:33 |
| CVE-2026-33406 | Pi-hole has a Stored HTML attribute injection | pi-hole | web | Medium | 5.4 | 2026-04-06 14:50:36 |
| CVE-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard | pi-hole | web | Low | 3.4 | 2026-04-06 14:48:45 |
| CVE-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js | pi-hole | web | Medium | 6.1 | 2026-04-06 14:48:05 |
| CVE-2026-32211 | Azure MCP Server Information Disclosure Vulnerability | Microsoft | Azure Web Apps | Critical | 9.1 | 2026-04-02 23:27:02 |
| CVE-2026-26927 | URL (HTTP Origin) call location spoofing in Szafir SDK Web | Krajowa Izba Rozliczeniowa | Szafir SDK Web | - | - | 2026-04-02 14:01:39 |
| CVE-2018-25235 | NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS | Networkactiv | NetworkActiv Web Server | Medium | 6.2 | 2026-03-30 11:02:26 |