| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41990 | Libgcrypt Buffer Error Vulnerability | gnupg | Libgcrypt | Medium | 4.0 | 2026-04-23 04:39:05 | Deep Dive |
| CVE-2026-41989 | Libgcrypt Buffer Error Vulnerability | gnupg | Libgcrypt | Medium | 6.7 | 2026-04-23 04:30:26 | Deep Dive |
| CVE-2026-40529 | KANATA CMS ALAYA SQL Injection Vulnerability | KANATA Limited | CMS ALAYA | - | - | 2026-04-23 04:15:33 | Deep Dive |
| CVE-2026-41988 | uuid Security Vulnerability | uuidjs | uuid | Low | 3.2 | 2026-04-23 04:00:55 | Deep Dive |
| CVE-2026-41233 | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() | froxlor | froxlor | Medium | 5.4 | 2026-04-23 04:00:19 | Deep Dive |
| CVE-2026-41232 | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing | froxlor | froxlor | Medium | 5.0 | 2026-04-23 03:54:56 | Deep Dive |
| CVE-2026-41231 | Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron | froxlor | froxlor | High | 7.5 | 2026-04-23 03:52:43 | Deep Dive |
| CVE-2026-41230 | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() | froxlor | froxlor | High | 8.5 | 2026-04-23 03:47:11 | Deep Dive |
| CVE-2026-41229 | Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) | froxlor | froxlor | Critical | 9.1 | 2026-04-23 03:44:26 | Deep Dive |
| CVE-2026-41228 | Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution | froxlor | froxlor | Critical | 9.9 | 2026-04-23 03:41:47 | Deep Dive |
| CVE-2026-3361 | WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta | tijmensmit | WP Store Locator | Medium | 6.4 | 2026-04-23 03:26:37 | Deep Dive |
| CVE-2026-3007 | Stored Cross-Site Scripting (XSS) Vulnerability | Three Learning | Koollab Learning Management System | Medium | 5.4 | 2026-04-23 02:54:25 | Deep Dive |
| CVE-2026-3844 | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | cloudways | Breeze Cache | Critical | 9.8 | 2026-04-23 02:25:22 | Deep Dive |
| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 5.4 | 2026-04-23 02:25:21 | Deep Dive |
| CVE-2026-1923 | Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id | socialrocket | Social Rocket – Social Sharing Plugin | Medium | 6.4 | 2026-04-23 01:24:32 | Deep Dive |
| CVE-2026-41211 | `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME` | voidzero-dev | vite-plus | - | - | 2026-04-23 00:56:16 | Deep Dive |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass | paperclipai | paperclip | Critical | 10.0 | 2026-04-23 00:53:16 | Deep Dive |
| CVE-2026-41208 | Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution | paperclipai | @paperclipai/server | High | 8.8 | 2026-04-23 00:47:46 | Deep Dive |
| CVE-2026-41206 | PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code | ParzivalHack | PySpector | - | - | 2026-04-23 00:42:49 | Deep Dive |
| CVE-2026-41200 | STIG Manager has reflected XSS vulnerability in the Web App | NUWCDIVNPT | stig-manager | - | - | 2026-04-23 00:40:23 | Deep Dive |