| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | Frappe | Frappe | - | - | 2026-04-22 19:52:56 | Deep Dive |
| CVE-2026-34067 | nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch | nimiq | nimiq-transaction | Low | 3.1 | 2026-04-22 19:52:44 | Deep Dive |
| CVE-2026-34066 | nimiq-blockchain: Peer-triggerable panic during history sync | nimiq | nimiq-blockchain | Medium | 5.3 | 2026-04-22 19:47:49 | Deep Dive |
| CVE-2026-34065 | nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals | nimiq | nimiq-primitives | High | 7.5 | 2026-04-22 19:45:01 | Deep Dive |
| CVE-2026-34064 | nimiq-account: Vesting insufficient funds error can panic | nimiq | nimiq-account | Medium | 5.3 | 2026-04-22 19:43:04 | Deep Dive |
| CVE-2026-34063 | network-libp2p: Peer can crash the node by opening discovery protocol substream twice | nimiq | network-libp2p | High | 7.5 | 2026-04-22 19:40:27 | Deep Dive |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | Frappe | Frappe | - | - | 2026-04-22 19:32:37 | Deep Dive |
| CVE-2026-6019 | BaseCookie.js_output() does not neutralize embedded characters | Python Software Foundation | CPython | - | - | 2026-04-22 19:28:09 | Deep Dive |
| CVE-2026-34062 | Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response | nimiq | network-libp2p | Medium | 5.3 | 2026-04-22 19:23:37 | Deep Dive |
| CVE-2026-33471 | nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation | nimiq | nimiq-block | Critical | 9.6 | 2026-04-22 19:13:05 | Deep Dive |
| CVE-2026-34413 | Xerte Online Toolkits Missing Authentication via connector.php | thexerteproject | xerteonlinetoolkits | High | 8.6 | 2026-04-22 18:33:44 | Deep Dive |
| CVE-2026-34415 | Xerte Online Toolkits File Upload RCE via elfinder Connector | thexerteproject | xerteonlinetoolkits | Critical | 9.8 | 2026-04-22 18:33:18 | Deep Dive |
| CVE-2026-34414 | Xerte Online Toolkits Path Traversal via connector.php | thexerteproject | xerteonlinetoolkits | High | 7.1 | 2026-04-22 18:32:46 | Deep Dive |
| CVE-2026-41459 | Xerte Online Toolkits Path Disclosure via /setup | thexerteproject | xerteonlinetoolkits | Medium | 5.3 | 2026-04-22 18:32:26 | Deep Dive |
| CVE-2026-28950 | Apple iOS和Apple iPadOS 安全漏洞 | Apple | iOS and iPadOS | - | - | 2026-04-22 18:22:39 | Deep Dive |
| CVE-2026-26354 | Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞 | Dell | PowerProtect Data Domain | High | 8.1 | 2026-04-22 18:11:01 | Deep Dive |
| CVE-2026-41468 | Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection | Beghelli | SicuroWeb (Sicuro24) | High | 8.7 | 2026-04-22 18:04:39 | Deep Dive |
| CVE-2026-41469 | Beghelli Sicuro24 SicuroWeb Missing Content Security Policy | Beghelli | SicuroWeb (Sicuro24) | Medium | 5.2 | 2026-04-22 18:04:19 | Deep Dive |
| CVE-2026-32885 | DDEV has ZipSlip path traversal in tar and zip archive extraction | ddev | ddev | Medium | 6.5 | 2026-04-22 16:54:48 | Deep Dive |
| CVE-2026-3254 | Improper Restriction of Rendered UI Layers or Frames in GitLab | GitLab | GitLab | Low | 3.5 | 2026-04-22 16:29:49 | Deep Dive |