| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31537 | smb: server: make use of smbdirect_socket.send_io.bcredits | Linux | Linux | - | - | 2026-04-24 14:30:25 | Deep Dive |
| CVE-2026-31536 | smb: server: let send_done handle a completion without IB_SEND_SIGNALED | Linux | Linux | - | - | 2026-04-24 14:30:24 | Deep Dive |
| CVE-2026-31535 | smb: client: make use of smbdirect_socket.recv_io.credits.available | Linux | Linux | - | - | 2026-04-24 14:30:24 | Deep Dive |
| CVE-2026-25660 | Authentication bypass for certain API calls | Ericsson | CodeChecker | - | - | 2026-04-24 13:10:26 | Deep Dive |
| CVE-2026-21515 | Azure IoT Central Elevation of Privilege Vulnerability | Microsoft | Azure IOT Central | Critical | 9.9 | 2026-04-24 12:51:34 | Deep Dive |
| CVE-2026-38743 | Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities | Apache Software Foundation | Apache Airflow | - | - | 2026-04-24 12:36:40 | Deep Dive |
| CVE-2026-40690 | Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users | Apache Software Foundation | Apache Airflow | - | - | 2026-04-24 12:35:33 | Deep Dive |
| CVE-2026-5265 | Ovn: ovn: heap over-read in icmp error response generation - security issue | Red Hat | Fast Datapath for RHEL 7 | Medium | 6.5 | 2026-04-24 12:25:07 | Deep Dive |
| CVE-2026-5367 | Ovn: ovn: information disclosure via crafted dhcpv6 packets | Red Hat | Fast Datapath for RHEL 7 | High | 8.6 | 2026-04-24 12:25:05 | Deep Dive |
| CVE-2026-4313 | Stored XSS in AdaptiveGRC | C&F | AdaptiveGRC | - | - | 2026-04-24 11:05:43 | Deep Dive |
| CVE-2026-6043 | Insecure Default Configuration in P4 Server | Perforce | Helix Core Server (P4D) | - | - | 2026-04-24 11:02:51 | Deep Dive |
| CVE-2026-23902 | Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. | Apache Software Foundation | Apache DolphinScheduler | - | - | 2026-04-24 10:56:18 | Deep Dive |
| CVE-2025-62233 | Apache DolphinScheduler: Deserialization of untrusted data in RPC | Apache Software Foundation | Apache DolphinScheduler | - | - | 2026-04-24 10:54:55 | Deep Dive |
| CVE-2026-41044 | Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:54 | Deep Dive |
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:24 | Deep Dive |
| CVE-2026-40466 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-24 10:15:44 | Deep Dive |
| CVE-2026-6272 | kuksa.val.v2 vulnerability allowing any read JWT to forge signal data | Eclipse Foundation | Eclipse KUKSA - Databroker | - | - | 2026-04-24 08:28:18 | Deep Dive |
| CVE-2026-21728 | Tempo query limit results in unbounded memory allocation | Grafana | Tempo | High | 7.5 | 2026-04-24 08:00:47 | Deep Dive |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint | liaison | Liaison Site Prober | Medium | 5.3 | 2026-04-24 07:45:09 | Deep Dive |
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | taqnix | Taqnix | Medium | 4.3 | 2026-04-24 07:45:08 | Deep Dive |