2026-04-22 22:16Z · HIGH

CVE-2026-41455 — WeKan: before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network addresses, causing the server to issue HTTP POST requests to attacker-controlled internal targets with full board event payloads, and can additionally exploit response handling to ov CVSSv3.1 8.5 (HIGH)

CWE-918 · Vendor: Wekan · Type: Vulnerability
8.5 CVSS v3.1 · 93 Edit Score
2026-04-22 22:16Z · HIGH

CVE-2026-41454 — WeKan: before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers. CVSSv3.1 8.3 (HIGH)

CWE-862 · Vendor: Wekan · Type: Vulnerability
8.3 CVSS v3.1 · 92 Edit Score
2026-04-22 22:16Z · HIGH

CVE-2026-41175 — Statamic: Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41175

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit, e.g. the "view entries" permission to delete entries, or the "view users" permission to delete users. The REST and Gra CVSSv3.1 8.1 (HIGH)

CWE-470 · Vendor: Statamic · Type: Vulnerability
8.1 CVSS v3.1 · 91 Edit Score
2026-04-22 21:17Z · CRIT

CVE-2026-41167 — Jellystat: Because the vulnerable call site dispatches via `node-postgres`'s simple query protocol (no parameter array

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41167

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails` and `POST /api/getLibrary`, enabling full read of any table in the database - including `app_config`, which stores the Jellystat admin credentials, the Jellyfin API key, and the CVSSv3.1 9.1 (CRITICAL)

CWE-89 · Vendor: Jellystat · Type: Vulnerability
9.1 CVSS v3.1 · 96 Edit Score
2026-04-22 21:17Z · HIGH

CVE-2026-40937 — Rustfs Rustfs: This enables cross-user event interception and audit evasion.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40937

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase correctly calls `validate_admin_request` with a specific `AdminAction`. This is the o CVSSv3.1 8.3 (HIGH)

CWE-862 · Vendor: Rustfs · Type: Vulnerability
8.3 CVSS v3.1 · 92 Edit Score
2026-04-22 21:17Z · CRIT

CVE-2026-33656 — EspoCRM: Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allows updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is concatenated directly into a file path with no sanitization in `EspoUploadDir::getFilePath()`, an attacker can redirect any file read or write operation to an arbitrary path within CVSSv3.1 9.1 (CRITICAL)

CWE-22 · Vendor: Espocrm · Type: Vulnerability
9.1 CVSS v3.1 · 96 Edit Score
2026-04-22 20:16Z · CRIT

CVE-2026-33471 — Nimiq Nimiq_proof-of-stake: nimiq-block contains block primitives to be used in Nimiq's Rust implementation.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` CVSSv3.1 9.6 (CRITICAL)

CWE-345, CWE-20, CWE-190, CWE-1284 · Vendor: Nimiq · Type: Vulnerability
9.6 CVSS v3.1 · 98 Edit Score
2026-04-22 19:17Z · CRIT

CVE-2026-34415 — Xerte: Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block the PHP-executable extension .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server. CVSSv3.1 9.8 (CRITICAL)

CWE-184 · Vendor: Xerte · Type: Vulnerability
9.8 CVSS v3.1 · 99 Edit Score
2026-04-22 19:17Z · HIGH

CVE-2026-34413 — Xerte: Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media directories including creating directories, uploading files, renaming files, duplic CVSSv3.1 8.6 (HIGH)

CWE-497 · Vendor: Xerte · Type: Vulnerability
8.6 CVSS v3.1 · 93 Edit Score
2026-04-22 19:17Z · HIGH

CVE-2026-26354 — Dell Powerprotect_dp_series_appliance: PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26354

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. CVSSv3.1 8.1 (HIGH) · EPSS 15th percentile

CWE-787, CWE-121 · Vendor: Dell · Type: Vulnerability
8.1 CVSS v3.1 · 91 Edit Score
2026-04-22 18:38Z · CRIT

Mythos in Practice: Attack Paths, Exploitability, and What Actually Matters Most

Source: Horizon3.ai · horizon3.ai · CVE-2026-34197 · in the wild

Horizon3.ai analysis of Anthropic's Mythos AI system demonstrates that AI-assisted vulnerability discovery and exploit generation significantly reduces friction in attack chain development. Mythos successfully identified and exploited zero-days across major OSes and browsers, chained multiple weaknesses into RCE and privilege escalation, and enabled non-expert engineers to produce working exploits with minimal human input. The research emphasizes that risk is determined by exploitability in context and attack path viability, not vulnerability severity alone.

SRF: Application, Os · TACT: TA0001, TA0007, TA0042, TA0043 · Type: Research, Vulnerability
8.8 CVSS v3.1 · 78 Edit Score
2026-04-22 17:16Z · HIGH

CVE-2026-5816 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions. CVSSv3.1 8.0 (HIGH)

CWE-41 · Vendor: Gitlab · Type: Vulnerability
8.0 CVSS v3.1 · 90 Edit Score
2026-04-22 17:16Z · HIGH

CVE-2026-5262 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input validation. CVSSv3.1 8.0 (HIGH)

CWE-79 · Vendor: Gitlab · Type: Vulnerability
8.0 CVSS v3.1 · 90 Edit Score
2026-04-22 17:16Z · HIGH

CVE-2026-4922 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4922

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection. CVSSv3.1 8.1 (HIGH)

CWE-352 · Vendor: Gitlab · Type: Vulnerability
8.1 CVSS v3.1 · 91 Edit Score
2026-04-22 16:16Z · CRIT

CVE-2018-25272 — ELBA5: 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWE-326 · Vendor: Elba5 · Type: Vulnerability
9.8 CVSS v3.1 · 99 Edit Score
2026-04-22 16:16Z · CRIT

CVE-2018-25270 — Thinkphp Thinkphp: 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 39th percentile

CWE-639 · Vendor: Thinkphp · Type: Vulnerability
9.8 CVSS v3.1 · 99 Edit Score
2026-04-22 16:16Z · HIGH

CVE-2018-25268 — Lizardsystems Lanspy: 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25268

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution. CVSSv3.1 8.4 (HIGH) · EPSS 2nd percentile

CWE-787 · Vendor: Lizardsystems, Lanspy · Type: Vulnerability
8.4 CVSS v3.1 · 92 Edit Score
2026-04-22 16:16Z · HIGH

CVE-2018-25265 — Lizardsystems Lanspy: 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25265

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps. CVSSv3.1 8.4 (HIGH) · EPSS 2nd percentile

CWE-787 · Vendor: Lizardsystems, Lanspy · Type: Vulnerability
8.4 CVSS v3.1 · 92 Edit Score
2026-04-22 16:16Z · HIGH

CVE-2018-25261 — Entersrl Iperius_backup: Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25261

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges. CVSSv3.1 8.4 (HIGH) · EPSS 4th percentile

CWE-787 · Vendor: Entersrl, Iperius · Type: Vulnerability
8.4 CVSS v3.1 · 92 Edit Score
2026-04-22 16:16Z · HIGH

CVE-2018-25260 — Magix Music_editor_deluxe: Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25260

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE-787 · Vendor: Magix · Type: Vulnerability
8.4 CVSS v3.1 · 92 Edit Score
2026-04-22 16:16Z · HIGH

CVE-2018-25259 — Lizardsystems Terminal_services_manager: Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25259

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard. CVSSv3.1 8.4 (HIGH) · EPSS 3rd percentile

CWE-306 · Vendor: Lizardsystems, Terminal · Type: Vulnerability
8.4 CVSS v3.1 · 92 Edit Score
2026-04-22 15:16Z · HIGH

CVE-2026-35548 — Guardsix Logpoint: An authenticated Operator user could redirect the database connection to unintended internal systems, resulting

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35548

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, previously stored credentials were retained even if the connection endpoint was changed. An authenticated Operator user could redirect the database connection to unintended internal sy CVSSv3.1 8.5 (HIGH) · EPSS 9th percentile

CWE-918 · Vendor: Guardsix · Type: Vulnerability
8.5 CVSS v3.1 · 93 Edit Score
2026-04-22 14:17Z · HIGH

CVE-2026-6859 — Redhat Instructlab: This allows a remote attacker to achieve arbitrary Python code execution by convincing a

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6859

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise. CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWE-829 · Vendor: Instructlab · Type: Vulnerability
8.8 CVSS v3.1 · 94 Edit Score
2026-04-22 14:17Z · CRIT

CVE-2026-6356 — Augmentt Augmentt: A vulnerability in the web application allows standard users to escalate their privileges to

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information. CVSSv3.1 9.6 (CRITICAL) · EPSS 9th percentile

CWE-1220 · Vendor: Augmentt · Type: Vulnerability
9.6 CVSS v3.1 · 98 Edit Score
2026-04-22 14:17Z · HIGH

CVE-2026-41651 — Packagekit_project Packagekit: between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41651

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrar CVSSv3.1 8.8 (HIGH)

CWE-367 · Vendor: Packagekit Project, Packagekit · Type: Vulnerability
8.8 CVSS v3.1 · 94 Edit Score