| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41244 | Mojic: Observable Timing Discrepancy in HMAC Verification | notamitgamer | mojic | Medium | 4.7 | 2026-04-24 19:11:55 | Deep Dive |
| CVE-2026-41894 | SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint | siyuan-note | siyuan | - | - | 2026-04-24 18:56:54 | Deep Dive |
| CVE-2026-41421 | SiYuan Desktop Notification XSS Leads to Electron RCE | siyuan-note | siyuan | High | 8.8 | 2026-04-24 18:53:50 | Deep Dive |
| CVE-2026-41419 | 4ga Boards: Import Path Traversal Leads to Arbitrary File Read | RARgames | 4gaBoards | High | 7.6 | 2026-04-24 18:50:45 | Deep Dive |
| CVE-2026-41418 | 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint | RARgames | 4gaBoards | Medium | 5.3 | 2026-04-24 18:49:39 | Deep Dive |
| CVE-2026-41326 | Kata Containers: CopyFile Policy Subversion via Symlinks | kata-containers | kata-containers | - | - | 2026-04-24 18:46:22 | Deep Dive |
| CVE-2026-41416 | PJSIP: Asymmetric ptime integer overflow in Media Stream | pjsip | pjproject | - | - | 2026-04-24 18:40:08 | Deep Dive |
| CVE-2026-41415 | PJSIP: SIP Multipart CID URI Length Underflow | pjsip | pjproject | - | - | 2026-04-24 18:38:36 | Deep Dive |
| CVE-2026-41414 | Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml | skim-rs | skim | High | 7.4 | 2026-04-24 18:32:36 | Deep Dive |
| CVE-2026-41492 | Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph | dgraph-io | dgraph | Critical | 9.8 | 2026-04-24 18:29:41 | Deep Dive |
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | dgraph-io | dgraph | Critical | 9.1 | 2026-04-24 18:27:51 | Deep Dive |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | dgraph-io | dgraph | Critical | 9.1 | 2026-04-24 18:25:44 | Deep Dive |
| CVE-2026-33666 | Zserio: Integer Overflow in BitStreamReader on 32-bit platforms | ndsev | zserio | High | 7.5 | 2026-04-24 18:21:11 | Deep Dive |
| CVE-2026-33524 | Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization | ndsev | zserio | High | 7.5 | 2026-04-24 18:18:03 | Deep Dive |
| CVE-2026-33662 | OP-TEE: RSASSA EMSA-PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode() | OP-TEE | optee_os | High | 7.5 | 2026-04-24 18:13:29 | Deep Dive |
| CVE-2026-41907 | uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided | uuidjs | uuid | - | - | 2026-04-24 18:09:25 | Deep Dive |
| CVE-2026-42042 | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | axios | axios | Medium | 5.4 | 2026-04-24 18:03:30 | Deep Dive |
| CVE-2026-42039 | Axios: unbounded recursion in toFormData causes DoS via deeply nested request data | axios | axios | - | - | 2026-04-24 18:01:31 | Deep Dive |
| CVE-2026-42036 | Axios: HTTP adapter streamed responses bypass maxContentLength | axios | axios | Medium | 5.3 | 2026-04-24 18:00:33 | Deep Dive |
| CVE-2026-42034 | Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 | axios | axios | Medium | 5.3 | 2026-04-24 17:59:48 | Deep Dive |