| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6887 | BorG Technology Corporation|Borg SPM 2007 - SQL Injection | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:30:30 | Deep Dive |
| CVE-2026-6886 | BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:25:16 | Deep Dive |
| CVE-2026-6885 | BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload | BorG Technology Corporation | Borg SPM 2007 | Critical | 9.8 | 2026-04-23 09:05:07 | Deep Dive |
| CVE-2026-3960 | Remote Code Execution in h2oai/h2o-3 | h2oai | h2oai/h2o-3 | - | - | 2026-04-23 08:47:49 | Deep Dive |
| CVE-2026-3259 | Sensitive Data Disclosure in BigQuery via Materialized View Error Messages | Google Cloud | BigQuery | - | - | 2026-04-23 08:35:04 | Deep Dive |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 7.2 | 2026-04-23 08:28:26 | Deep Dive |
| CVE-2026-41564 | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking | MIK | CryptX | - | - | 2026-04-23 07:29:26 | Deep Dive |
| CVE-2026-41040 | GROWI 安全漏洞 | GROWI, Inc. | GROWI | - | - | 2026-04-23 06:59:38 | Deep Dive |
| CVE-2025-10549 | DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation | EfficientLab, LLC | Controlio | - | - | 2026-04-23 06:57:27 | Deep Dive |
| CVE-2026-34488 | i-PRO IP Setting Software 代码问题漏洞 | i-PRO Co., Ltd. | IP Setting Software | - | - | 2026-04-23 06:17:14 | Deep Dive |
| CVE-2026-4512 | WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS | Unknown | reCaptcha by WebDesignBy | - | - | 2026-04-23 06:00:09 | Deep Dive |
| CVE-2026-4106 | HT Mega < 3.0.7 – Unauthenticated PII Disclosure | Unknown | HT Mega Addons for Elementor | - | - | 2026-04-23 06:00:06 | Deep Dive |
| CVE-2026-41990 | Libgcrypt 缓冲区错误漏洞 | gnupg | Libgcrypt | Medium | 4.0 | 2026-04-23 04:39:05 | Deep Dive |
| CVE-2026-41989 | Libgcrypt 缓冲区错误漏洞 | gnupg | Libgcrypt | Medium | 6.7 | 2026-04-23 04:30:26 | Deep Dive |
| CVE-2026-40529 | KANATA CMS ALAYA SQL注入漏洞 | KANATA Limited | CMS ALAYA | - | - | 2026-04-23 04:15:33 | Deep Dive |
| CVE-2026-41988 | uuid 安全漏洞 | uuidjs | uuid | Low | 3.2 | 2026-04-23 04:00:55 | Deep Dive |
| CVE-2026-41233 | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() | froxlor | froxlor | Medium | 5.4 | 2026-04-23 04:00:19 | Deep Dive |
| CVE-2026-41232 | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing | froxlor | froxlor | Medium | 5.0 | 2026-04-23 03:54:56 | Deep Dive |
| CVE-2026-41231 | Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron | froxlor | froxlor | High | 7.5 | 2026-04-23 03:52:43 | Deep Dive |
| CVE-2026-41230 | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() | froxlor | froxlor | High | 8.5 | 2026-04-23 03:47:11 | Deep Dive |