| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41309 | Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing | opensource-socialnetwork | opensource-socialnetwork | High | 8.2 | 2026-04-24 02:31:53 | Deep Dive |
| CVE-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | horilla-opensource | horilla | - | - | 2026-04-21 18:16:29 | Deep Dive |
| CVE-2026-40866 | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | horilla-opensource | horilla | - | - | 2026-04-21 18:15:30 | Deep Dive |
| CVE-2026-40865 | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>` | horilla-opensource | horilla | - | - | 2026-04-21 18:14:20 | Deep Dive |
| CVE-2026-32300 | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | opensource-workshop | connect-cms | High | 8.1 | 2026-03-23 21:40:59 | Deep Dive |
| CVE-2026-32299 | Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature | opensource-workshop | connect-cms | High | 7.5 | 2026-03-23 21:37:49 | Deep Dive |
| CVE-2026-32279 | Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin | opensource-workshop | connect-cms | Medium | 6.8 | 2026-03-23 21:36:22 | Deep Dive |
| CVE-2026-32278 | Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin | opensource-workshop | connect-cms | High | 8.2 | 2026-03-23 21:28:32 | Deep Dive |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View | opensource-workshop | connect-cms | High | 8.7 | 2026-03-23 21:22:08 | Deep Dive |
| CVE-2026-32276 | Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin | opensource-workshop | connect-cms | High | 8.8 | 2026-03-23 21:06:33 | Deep Dive |
| CVE-2026-3050 | horilla-opensource horilla Leads global.js cross site scripting | horilla-opensource | horilla | Low | 3.5 | 2026-02-24 01:02:09 | Deep Dive |
| CVE-2026-3049 | horilla-opensource horilla Query Parameter global_search.py get redirect | horilla-opensource | horilla | Medium | 4.3 | 2026-02-24 00:32:11 | Deep Dive |
| CVE-2026-1465 | A heap-based buffer over-read or buffer overflow in tildearrow/furnace | anyrtcIO-Community | anyRTC-RTMP-OpenSource | - | - | 2026-01-27 08:15:58 | Deep Dive |
| CVE-2026-24039 | Horilla's Improper Access Control Allows Employees to Auto-Approve Documents | horilla-opensource | horilla | Medium | 4.3 | 2026-01-22 03:43:41 | Deep Dive |
| CVE-2026-24038 | Horilla HR has 2FA Bypass through its OTP Handling Logic | horilla-opensource | horilla | High | 8.1 | 2026-01-22 03:39:06 | Deep Dive |
| CVE-2026-24037 | Horilla HRM has XSS Bypass through Project Name | horilla-opensource | horilla | Medium | 4.8 | 2026-01-22 03:31:37 | Deep Dive |
| CVE-2026-24036 | Horilla Exposes Unpublished Job Disclosures through Unauthenticated API | horilla-opensource | horilla | Medium | 5.3 | 2026-01-22 03:21:33 | Deep Dive |
| CVE-2026-24035 | Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee | horilla-opensource | horilla | Medium | 4.3 | 2026-01-22 02:43:11 | Deep Dive |
| CVE-2026-24034 | Horilla has File Upload XSS | horilla-opensource | horilla | Medium | 5.4 | 2026-01-22 02:41:38 | Deep Dive |
| CVE-2026-24010 | Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover | horilla-opensource | horilla | - | - | 2026-01-22 02:37:19 | Deep Dive |