| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41680 | Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer | markedjs | marked | - | - | 2026-04-24 17:26:28 | Deep Dive |
| CVE-2026-41898 | rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer | rust-openssl | rust-openssl | - | - | 2026-04-24 17:20:38 | Deep Dive |
| CVE-2026-41681 | rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check | rust-openssl | rust-openssl | - | - | 2026-04-24 17:19:15 | Deep Dive |
| CVE-2026-41678 | rust-openssl: Incorrect bounds assertion in aes key wrap | rust-openssl | rust-openssl | - | - | 2026-04-24 17:18:27 | Deep Dive |
| CVE-2026-41677 | rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length | rust-openssl | rust-openssl | - | - | 2026-04-24 17:17:18 | Deep Dive |
| CVE-2026-41676 | rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 | rust-openssl | rust-openssl | - | - | 2026-04-24 17:16:21 | Deep Dive |
| CVE-2026-41140 | Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 | python-poetry | poetry | - | - | 2026-04-24 17:10:34 | Deep Dive |
| CVE-2026-41322 | @astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed | withastro | astro | Medium | 5.3 | 2026-04-24 17:08:13 | Deep Dive |
| CVE-2026-41321 | @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint | withastro | @astrojs/cloudflare | Low | 2.2 | 2026-04-24 17:04:06 | Deep Dive |
| CVE-2026-41067 | Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass | withastro | astro | Medium | 6.1 | 2026-04-24 16:57:23 | Deep Dive |
| CVE-2026-41079 | OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users | OpenPrinting | cups | Medium | 4.3 | 2026-04-24 16:54:39 | Deep Dive |
| CVE-2026-41411 | Vim: Command injection via backtick expansion in tag filenames | vim | vim | Medium | 6.6 | 2026-04-24 16:51:40 | Deep Dive |
| CVE-2026-40897 | Math.js: Unsafe object property setter in mathjs | josdejong | mathjs | High | 8.8 | 2026-04-24 16:48:35 | Deep Dive |
| CVE-2026-41066 | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files | lxml | lxml | High | 7.5 | 2026-04-24 16:45:20 | Deep Dive |
| CVE-2026-6912 | Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel | AWS | AWS Ops Wheel | High | 8.8 | 2026-04-24 16:11:46 | Deep Dive |
| CVE-2026-6911 | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel | AWS | AWS Ops Wheel | Critical | 9.8 | 2026-04-24 16:08:46 | Deep Dive |
| CVE-2026-39920 | BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE | BridgeHead Software | FileStore | Critical | 9.8 | 2026-04-24 15:48:26 | Deep Dive |
| CVE-2026-31672 | wifi: rt2x00usb: fix devres lifetime | Linux | Linux | - | - | 2026-04-24 14:45:20 | Deep Dive |
| CVE-2026-31671 | xfrm_user: fix info leak in build_report() | Linux | Linux | - | - | 2026-04-24 14:45:19 | Deep Dive |
| CVE-2026-31670 | net: rfkill: prevent unlimited numbers of rfkill events from being created | Linux | Linux | - | - | 2026-04-24 14:45:18 | Deep Dive |