| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41411 | Vim: Command injection via backtick expansion in tag filenames | vim | vim | Medium | 6.6 | 2026-04-24 16:51:40 | Deep Dive |
| CVE-2026-40897 | Math.js: Unsafe object property setter in mathjs | josdejong | mathjs | High | 8.8 | 2026-04-24 16:48:35 | Deep Dive |
| CVE-2026-41066 | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files | lxml | lxml | High | 7.5 | 2026-04-24 16:45:20 | Deep Dive |
| CVE-2026-6912 | Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel | AWS | AWS Ops Wheel | High | 8.8 | 2026-04-24 16:11:46 | Deep Dive |
| CVE-2026-6911 | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel | AWS | AWS Ops Wheel | Critical | 9.8 | 2026-04-24 16:08:46 | Deep Dive |
| CVE-2026-39920 | BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE | BridgeHead Software | FileStore | Critical | 9.8 | 2026-04-24 15:48:26 | Deep Dive |
| CVE-2026-31672 | wifi: rt2x00usb: fix devres lifetime | Linux | Linux | - | - | 2026-04-24 14:45:20 | Deep Dive |
| CVE-2026-31671 | xfrm_user: fix info leak in build_report() | Linux | Linux | - | - | 2026-04-24 14:45:19 | Deep Dive |
| CVE-2026-31670 | net: rfkill: prevent unlimited numbers of rfkill events from being created | Linux | Linux | - | - | 2026-04-24 14:45:18 | Deep Dive |
| CVE-2026-31668 | seg6: separate dst_cache for input and output paths in seg6 lwtunnel | Linux | Linux | - | - | 2026-04-24 14:45:17 | Deep Dive |
| CVE-2026-31669 | mptcp: fix slab-use-after-free in __inet_lookup_established | Linux | Linux | - | - | 2026-04-24 14:45:17 | Deep Dive |
| CVE-2026-31667 | Input: uinput - fix circular locking dependency with ff-core | Linux | Linux | - | - | 2026-04-24 14:45:16 | Deep Dive |
| CVE-2026-31665 | netfilter: nft_ct: fix use-after-free in timeout object destroy | Linux | Linux | - | - | 2026-04-24 14:45:15 | Deep Dive |
| CVE-2026-31666 | btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() | Linux | Linux | - | - | 2026-04-24 14:45:15 | Deep Dive |
| CVE-2026-31664 | xfrm: clear trailing padding in build_polexpire() | Linux | Linux | - | - | 2026-04-24 14:45:14 | Deep Dive |
| CVE-2026-31663 | xfrm: hold dev ref until after transport_finish NF_HOOK | Linux | Linux | - | - | 2026-04-24 14:45:13 | Deep Dive |
| CVE-2026-31662 | tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG | Linux | Linux | - | - | 2026-04-24 14:45:13 | Deep Dive |
| CVE-2026-31661 | wifi: brcmsmac: Fix dma_free_coherent() size | Linux | Linux | - | - | 2026-04-24 14:45:12 | Deep Dive |
| CVE-2026-31660 | nfc: pn533: allocate rx skb before consuming bytes | Linux | Linux | - | - | 2026-04-24 14:45:11 | Deep Dive |
| CVE-2026-31658 | net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() | Linux | Linux | - | - | 2026-04-24 14:45:10 | Deep Dive |