| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22015 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.3 | 2026-04-21 20:35:10 | Deep Dive |
| CVE-2026-22009 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 6.5 | 2026-04-21 20:35:07 | Deep Dive |
| CVE-2026-22005 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:04 | Deep Dive |
| CVE-2026-22004 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:03 | Deep Dive |
| CVE-2026-22002 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:35:01 | Deep Dive |
| CVE-2026-22001 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Low | 2.7 | 2026-04-21 20:35:00 | Deep Dive |
| CVE-2026-21999 | Oracle Database Server Security Vulnerability | Oracle Corporation | Oracle Database Server | Medium | 5.3 | 2026-04-21 20:35:00 | Deep Dive |
| CVE-2026-21998 | Oracle MySQL Server Security Vulnerability | Oracle Corporation | MySQL Server | Medium | 4.9 | 2026-04-21 20:34:59 | Deep Dive |
| CVE-2026-40576 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server | haris-musa | excel-mcp-server | Critical | 9.4 | 2026-04-21 16:35:16 | Deep Dive |
| CVE-2025-13826 | Incorrect input validation on the Zervit portable HTTP/Web server | Zervit | portable HTTP/Web server | - | - | 2026-04-21 08:19:58 | Deep Dive |
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths | SignalK | signalk-server | High | 7.5 | 2026-04-21 00:07:10 | Deep Dive |
| CVE-2025-66335 | Apache Doris MCP Server: MCP SQL inject | Apache Software Foundation | Apache Doris MCP Server | - | - | 2026-04-20 13:27:28 | Deep Dive |
| CVE-2026-6620 | SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal | SonicCloudOrg | sonic-server | Medium | 6.3 | 2026-04-20 08:15:18 | Deep Dive |
| CVE-2025-15625 | Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server | Sparx Systems Pty Ltd. | Sparx Pro Cloud Server | - | - | 2026-04-17 08:39:00 | Deep Dive |
| CVE-2025-15624 | Plaintext Storage of a Password in Sparx Pro Cloud Server. | Sparx Systems Pty Ltd. | Sparx Pro Cloud Server | - | - | 2026-04-17 08:38:37 | Deep Dive |
| CVE-2025-15623 | Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user | Sparx Systems Pty Ltd. | Sparx Pro Cloud Server | - | - | 2026-04-17 08:37:28 | Deep Dive |
| CVE-2026-40255 | @adonisjs/http-server has an Open Redirect vulnerability | adonisjs | http-server | Medium | 6.1 | 2026-04-16 22:25:38 | Deep Dive |
| CVE-2025-12624 | Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock | WSO2 | WSO2 Identity Server | Medium | 6.0 | 2026-04-16 10:25:20 | Deep Dive |
| CVE-2025-6024 | Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites | WSO2 | WSO2 API Manager | Medium | 6.1 | 2026-04-16 09:48:45 | Deep Dive |
| CVE-2024-2374 | XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service | WSO2 | WSO2 API Manager | High | 7.5 | 2026-04-16 08:12:58 | Deep Dive |