| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34587 | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering | getkirby | kirby | - | - | 2026-04-24 00:23:37 | Deep Dive |
| CVE-2026-32870 | Kirby has XML injection in its XML creator toolkit | getkirby | kirby | - | - | 2026-04-24 00:19:14 | Deep Dive |
| CVE-2026-31956 | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | xibosignage | xibo-cms | Medium | 4.3 | 2026-04-24 00:16:03 | Deep Dive |
| CVE-2026-31955 | Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality | xibosignage | xibo-cms | Medium | 4.9 | 2026-04-24 00:14:16 | Deep Dive |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login | xibosignage | xibo-cms | Medium | 6.4 | 2026-04-24 00:08:22 | Deep Dive |
| CVE-2026-25775 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | Critical | 9.8 | 2026-04-24 00:06:17 | Deep Dive |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter | xibosignage | xibo-cms | High | 7.6 | 2026-04-24 00:05:05 | Deep Dive |
| CVE-2026-35064 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | High | 7.5 | 2026-04-24 00:04:31 | Deep Dive |
| CVE-2026-40620 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | Critical | 9.8 | 2026-04-24 00:02:58 | Deep Dive |
| CVE-2026-27841 | SenseLive X3050 Cross-Site request forgery | SenseLive | X3050 | High | 8.1 | 2026-04-24 00:00:57 | Deep Dive |
| CVE-2026-29051 | melange has Path Traversal via .PKGINFO in --persist-lint-results | chainguard-dev | melange | Medium | 4.4 | 2026-04-24 00:00:36 | Deep Dive |
| CVE-2026-42095 | Arianna 访问控制错误漏洞 | KDE | Arianna | Medium | 4.0 | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2026-31051 | Hostbill 资源管理错误漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2026-31052 | Hostbill 资源管理错误漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2026-31050 | Hostbill 跨站脚本漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2025-61872 | Mahara 跨站脚本漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2025-67259 | ClassroomIO.com 访问控制错误漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2025-59308 | Mahara 访问控制错误漏洞 | - | - | - | - | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2026-30368 | Lightspeed Classroom 安全漏洞 | Lightspeed | Lightspeed Classroom | Medium | 5.4 | 2026-04-24 00:00:00 | Deep Dive |
| CVE-2026-40623 | SenseLive X3050 Missing Authorization | SenseLive | X3050 | High | 8.1 | 2026-04-23 23:58:47 | Deep Dive |