| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34576 | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | gitroomhq | postiz-app | - | - | 2026-04-02 17:23:15 | Deep Dive |
| CVE-2026-33875 | Authenticator Vulnerable to Authentication Flow Hijack | gematik | app-Authenticator | Critical | 9.3 | 2026-03-27 20:25:16 | Deep Dive |
| CVE-2026-33874 | Authenticator vulnerable to Remote Code Execution | gematik | app-Authenticator | High | 7.8 | 2026-03-27 20:23:53 | Deep Dive |
| CVE-2026-4971 | SourceCodester Note Taking App cross-site request forgery | SourceCodester | Note Taking App | Medium | 4.3 | 2026-03-27 19:15:20 | Deep Dive |
| CVE-2026-4968 | SourceCodester Diary App diary.php cross-site request forgery | SourceCodester | Diary App | Medium | 4.3 | 2026-03-27 17:41:53 | Deep Dive |
| CVE-2026-33486 | Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents | roadiz | core-bundle-dev-app | Medium | 6.8 | 2026-03-26 17:15:31 | Deep Dive |
| CVE-2026-28809 | XXE in esaml SAML library allows local file read and potential SSRF | dropbox | esaml | Medium | - | 2026-03-23 10:09:29 | Deep Dive |
| CVE-2026-3651 | Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action | hakeemnala | Build App Online | Medium | 5.3 | 2026-03-21 03:26:47 | Deep Dive |
| CVE-2026-2375 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter | appcheap | App Builder – Create Native Android & iOS Apps On The Flight | Medium | 6.5 | 2026-03-21 03:26:32 | Deep Dive |
| CVE-2026-27067 | WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability | Syarif | Mobile App Editor | Critical | 9.1 | 2026-03-19 08:41:18 | Deep Dive |
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2026-03-18 15:28:29 | Deep Dive |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.3 | 2026-03-18 15:28:28 | Deep Dive |
| CVE-2026-4243 | La Nacion App app.lanacion.activity BuildConfig.java credentials storage | - | La Nacion App | Low | 2.5 | 2026-03-16 15:02:08 | Deep Dive |
| CVE-2026-4242 | BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storage | BabyChakra | Pregnancy & Parenting App | Low | 2.5 | 2026-03-16 14:32:09 | Deep Dive |
| CVE-2026-4219 | INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials | INDEX Conferences & Exhibitions Organization | YWF BPOF APGCS App | Low | 3.3 | 2026-03-16 06:02:08 | Deep Dive |
| CVE-2026-4218 | myAEDES App aedes.me.beta EngageBayUtils.java information disclosure | - | myAEDES App | Low | 2.5 | 2026-03-16 05:32:08 | Deep Dive |
| CVE-2026-4217 | XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage | XREAL | Nebula App | Low | 2.5 | 2026-03-16 05:02:11 | Deep Dive |
| CVE-2026-4216 | i-SENS SmartLog App air.SmartLog.android hard-coded credentials | i-SENS | SmartLog App | Medium | 5.3 | 2026-03-16 05:02:08 | Deep Dive |
| CVE-2026-32381 | WordPress App Landing Page theme <= 1.2.2 - Broken Access Control vulnerability | raratheme | App Landing Page | Medium | - | 2026-03-13 11:42:09 | Deep Dive |
| CVE-2026-23656 | Windows App Installer Spoofing Vulnerability | Microsoft | Windows App Client for Windows Desktop | Medium | 5.9 | 2026-03-10 17:05:05 | Deep Dive |