| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-20203 | Improper Access Control in Data Model Acceleration in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 4.3 | 2026-04-15 15:17:56 | Deep Dive |
| CVE-2026-20204 | Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise | Splunk | Splunk Enterprise | High | 7.1 | 2026-04-15 15:17:54 | Deep Dive |
| CVE-2026-20202 | Improper Input Validation during User Account Creation in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.6 | 2026-04-15 15:17:44 | Deep Dive |
| CVE-2026-40105 | XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality | xwiki | xwiki-platform | Medium | - | 2026-04-15 00:07:23 | Deep Dive |
| CVE-2026-40104 | XWiki's REST APIs can list all pages/spaces, leading to unavailability | xwiki | org.xwiki.platform:xwiki-platform-oldcore | Medium | - | 2026-04-15 00:01:59 | Deep Dive |
| CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Microsoft | Microsoft Defender Antimalware Platform | High | 7.8 | 2026-04-14 16:57:49 | Deep Dive |
| CVE-2026-27683 | Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP_SE | SAP BusinessObjects Business Intelligence Platform | Medium | 4.1 | 2026-04-14 00:08:16 | Deep Dive |
| CVE-2026-24318 | Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP_SE | SAP BusinessObjects Business Intelligence Platform | Medium | 4.2 | 2026-04-14 00:06:18 | Deep Dive |
| CVE-2026-6179 | Stored Cross Site Scripting in NightWolf Penetration Testing Platform | FPT Software | NightWolf Penetration Testing Platform | Medium | - | 2026-04-13 02:27:53 | Deep Dive |
| CVE-2026-1584 | Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder | Red Hat | Red Hat Enterprise Linux 10 | High | 7.5 | 2026-04-09 18:00:21 | Deep Dive |
| CVE-2026-39980 | OpenCTI affected by RCE via notifier template | OpenCTI-Platform | opencti | Critical | 9.1 | 2026-04-09 16:54:32 | Deep Dive |
| CVE-2026-4878 | Libcap: libcap: privilege escalation via toctou race condition in cap_set_file() | Red Hat | Red Hat Hardened Images | Medium | 6.7 | 2026-04-09 14:49:03 | Deep Dive |
| CVE-2026-33229 | XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API | xwiki | xwiki-platform | - | - | 2026-04-08 14:53:36 | Deep Dive |
| CVE-2026-39466 | WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Broken Link Checker | - | - | 2026-04-08 08:30:07 | Deep Dive |
| CVE-2025-14821 | Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows | Red Hat | Red Hat Hardened Images | High | 7.8 | 2026-04-07 16:34:11 | Deep Dive |
| CVE-2026-5745 | Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive | Red Hat | Red Hat Enterprise Linux 10 | Medium | 5.5 | 2026-04-07 14:57:32 | Deep Dive |
| CVE-2026-5384 | runZero Platform incorrect credential scope | runZero | Platform | Medium | 5.8 | 2026-04-07 14:12:43 | Deep Dive |
| CVE-2026-5382 | runZero Platform MCP endpoint information leak | runZero | Platform | Low | 3.0 | 2026-04-07 14:12:23 | Deep Dive |
| CVE-2026-5381 | runZero Platform task information leak | runZero | Platform | Low | 2.2 | 2026-04-07 14:12:16 | Deep Dive |
| CVE-2026-5380 | runZero Platform cleartext secret exposure | runZero | Platform | Medium | 5.3 | 2026-04-07 14:12:06 | Deep Dive |