| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6980 | Divyanshu-hash GitPilot-MCP main.py repo_path command injection | Divyanshu-hash | GitPilot-MCP | High | 7.3 | 2026-04-25 13:00:15 | Deep Dive |
| CVE-2026-6979 | devlikeapro WAHA API Request media.controller.ts server-side request forgery | devlikeapro | WAHA | Medium | 6.3 | 2026-04-25 12:00:21 | Deep Dive |
| CVE-2026-6978 | JiZhiCMS addcache.html htmlspecialchars_decode sql injection | - | JiZhiCMS | Medium | 4.7 | 2026-04-25 11:45:15 | Deep Dive |
| CVE-2026-6977 | vanna-ai vanna Legacy Flask API improper authorization | vanna-ai | vanna | High | 7.3 | 2026-04-25 10:15:14 | Deep Dive |
| CVE-2026-31685 | netfilter: ip6t_eui64: reject invalid MAC header for all packets | Linux | Linux | Critical | 9.4 | 2026-04-25 08:47:03 | Deep Dive |
| CVE-2026-31684 | net: sched: act_csum: validate nested VLAN headers | Linux | Linux | - | - | 2026-04-25 08:47:02 | Deep Dive |
| CVE-2026-31683 | batman-adv: avoid OGM aggregation when skb tailroom is insufficient | Linux | Linux | High | 7.8 | 2026-04-25 08:47:00 | Deep Dive |
| CVE-2026-31682 | bridge: br_nd_send: linearize skb before parsing ND options | Linux | Linux | Critical | 9.1 | 2026-04-25 08:46:59 | Deep Dive |
| CVE-2026-31681 | netfilter: xt_multiport: validate range encoding in checkentry | Linux | Linux | - | - | 2026-04-25 08:46:58 | Deep Dive |
| CVE-2026-31680 | net: ipv6: flowlabel: defer exclusive option free until RCU teardown | Linux | Linux | High | 7.8 | 2026-04-25 08:46:57 | Deep Dive |
| CVE-2026-31679 | openvswitch: validate MPLS set/set_masked payload length | Linux | Linux | High | 7.1 | 2026-04-25 08:46:56 | Deep Dive |
| CVE-2026-31678 | openvswitch: defer tunnel netdev_put to RCU release | Linux | Linux | High | 7.8 | 2026-04-25 08:46:54 | Deep Dive |
| CVE-2026-31677 | crypto: af_alg - limit RX SG extraction by receive buffer budget | Linux | Linux | - | - | 2026-04-25 08:46:53 | Deep Dive |
| CVE-2026-31676 | rxrpc: only handle RESPONSE during service challenge | Linux | Linux | High | 7.5 | 2026-04-25 08:46:52 | Deep Dive |
| CVE-2026-31675 | net/sched: sch_netem: fix out-of-bounds access in packet corruption | Linux | Linux | High | 7.8 | 2026-04-25 08:46:51 | Deep Dive |
| CVE-2026-31674 | netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() | Linux | Linux | High | 7.1 | 2026-04-25 08:46:50 | Deep Dive |
| CVE-2026-31673 | af_unix: read UNIX_DIAG_VFS data under unix_state_lock | Linux | Linux | High | 7.8 | 2026-04-25 08:46:49 | Deep Dive |
| CVE-2026-6951 | Simple Git code injection vulnerability | - | simple-git | Critical | 9.8 | 2026-04-25 05:00:05 | Deep Dive |
| CVE-2026-42171 | NSIS code issue vulnerability | Nullsoft | Nullsoft Scriptable Install System | High | 7.8 | 2026-04-24 21:20:36 | Deep Dive |
| CVE-2026-41248 | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | clerk | astro | Critical | 9.1 | 2026-04-24 21:04:36 | Deep Dive |