2026-04-17 20:16Z
HIGH

CVE-2026-40434 — Anviz Crosschex_standard: CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40434

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. CVSSv3.1 8.1 (HIGH) · EPSS 7th percentile

CWE: CWE-940 · VND: Anviz · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-04-17 20:16Z
CRIT

CVE-2026-40342 — Firebirdsql Firebird: An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40342

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes imm CVSSv3.1 9.9 (CRITICAL) · EPSS 25th percentile

CWE: CWE-94 · CWE: CWE-22 · CWE: CWE-73 · CWE: CWE-427 · VND: Firebirdsql · VND: Firebird · TYP: Vulnerability
CVSS v3.1: 9.9 · Score: 100

2026-04-17 20:16Z
HIGH

CVE-2026-40066 — Anviz Cx7_firmware: CX2 Lite and CX7 are vulnerable to unverified update packages that can be

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40066

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. CVSSv3.1 8.8 (HIGH) · EPSS 8th percentile

CWE: CWE-494 · VND: Anviz · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-04-17 20:16Z
HIGH

CVE-2026-35682 — Anviz Cx2_lite_firmware: CX2 Lite is vulnerable to an authenticated command injection via a filename parameter

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWE: CWE-77 · VND: Anviz · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-04-17 20:16Z
CRIT

CVE-2026-35546 — Anviz Cx7_firmware: CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35546

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. CVSSv3.1 9.8 (CRITICAL) · EPSS 23rd percentile

CWE: CWE-306 · VND: Anviz · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-04-17 20:16Z
CRIT

CVE-2026-33516 — Neutrinolabs Xrdp: Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from th CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile

CWE: CWE-125 · VND: Neutrinolabs · VND: Rdp · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96

2026-04-17 20:16Z
HIGH

CVE-2026-32623 — Neutrinolabs Xrdp: Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, pote CVSSv3.1 8.1 (HIGH) · EPSS 65th percentile

CWE: CWE-122 · VND: Neutrinolabs · VND: Rdp · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-04-17 20:16Z
HIGH

CVE-2026-32107 — Neutrinolabs Xrdp: This improper privilege management could allow an authenticated local attacker to escalate privileges to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6. CVSSv3.1 8.8 (HIGH) · EPSS 2nd percentile

CWE: CWE-273 · VND: Neutrinolabs · VND: Rdp · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-04-17 19:16Z
CRIT

CVE-2026-40525 — Volcengine Openviking: prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstre CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile

CWE: CWE-636 · VND: Openviking · VND: Volcengine · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96

2026-04-17 19:16Z
HIGH

CVE-2026-28224 — Firebirdsql Firebird: In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0 CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile

CWE: CWE-476 · VND: Firebirdsql · VND: Firebird · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91

2026-04-17 19:16Z
HIGH

CVE-2026-27890 — Firebirdsql Firebird: In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issu CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile

CWE: CWE-787 · CWE: CWE-119 · VND: Firebirdsql · VND: Firebird · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91

2026-04-17 19:05Z
HIGH

Mythos Didn’t Break Cybersecurity. It Exposed What Was Already Broken.

Horizon3.ai · horizon3.ai

Horizon3.ai's analysis of Mythos AI and similar vulnerability-discovery systems argues that the real cybersecurity gap is not vulnerability volume but the industry's inability to prioritize based on actual exploitability and attack-path impact. The piece contends that organizations are already overwhelmed with unremediable backlogs and that AI-accelerated vulnerability discovery merely exposes pre-existing structural failures in how risk is assessed and remediated.

SRF: Application · TAC: TA0001 · SRF: Network · TAC: TA0007 · TAC: TA0008 · TYP: Research · TYP: Threat Intel · STG: Discovery
Score: 72

2026-04-17 18:16Z
HIGH

CVE-2026-5718 — Drag: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default dangerous extension denylist instead of merging with it, and the wpcf7_antiscript_file_name() sanitization function being bypassed for filenames containing non-ASCII characters. This make CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWE: CWE-434 · VND: Drag · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-04-17 17:17Z
HIGH

CVE-2026-40516 — Hkuds Openharness: before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endp CVSSv3.1 8.3 (HIGH) · EPSS 11th percentile

CWE: CWE-918 · VND: Hkuds · VND: Openharness · TYP: Vulnerability
CVSS v3.1: 8.3 · Score: 92

2026-04-17 17:09Z
INFO

v2.12.1-rc1: fix: BED-4600 - Add Request Timeout (#188)

AzureHound releases · github.com

AzureHound v2.12.1-rc1 release candidate adds request timeout handling to prevent indefinite hangs on failed API calls (BED-4600). This is a routine bug-fix release with no security vulnerabilities disclosed.

SW: Azurehound · VND: Specterops · TYP: Tool
Score: 15

2026-04-17 11:00Z
HIGH

We beat Google’s zero-knowledge proof of quantum cryptanalysis

Trail of Bits · blog.trailofbits.com

Trail of Bits demonstrated a cryptographic proof forgery attack against Google's zero-knowledge proof of quantum circuit optimization by exploiting memory safety vulnerabilities in the SP1 zkVM prover's Rust implementation. The attack leveraged unsafe deserialization (rkyv access_unchecked) and register aliasing to bypass Toffoli gate counting and implement non-reversible quantum operations, producing a forged proof with 0 Toffoli gates vs. Google's 2.1M while maintaining correctness on elliptic curve point addition.

TAC: TA0005 · VND: Google · VND: Succinct Labs · TYP: Research · TYP: Exploit · STG: Defense Evasion · TEC: T1027 · EXP: Deserialization
Score: 88

2026-04-17 09:16Z
CRIT

CVE-2025-15625 — Sparxsystems Pro_cloud_server: Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-15625

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile

CWE: CWE-89 · CWE: CWE-200 · VND: Sparxsystems · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-04-17 08:16Z
HIGH

CVE-2026-23853 — Dell Powerprotect_dp_series_appliance: An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23853

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system. CVSSv3.1 8.4 (HIGH) · EPSS 2nd percentile

CWE: CWE-1391 · VND: Dell · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92

2026-04-17 04:16Z
HIGH

CVE-2026-3605 — Hashicorp Vault: An authenticated user with access to a kvv2 path through a policy containing a

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3605

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. CVSSv3.1 8.1 (HIGH) · EPSS 2nd percentile

CWE: CWE-288 · VND: Hashicorp · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-04-17 00:00Z
CRIT

Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday

Microsoft released 163 patches across 17 product families in April 2026 Patch Tuesday, addressing 8 Critical-severity vulnerabilities and 154 Important-severity issues. Two vulnerabilities are actively exploited in the wild: CVE-2026-32201 (SharePoint spoofing) and CVE-2026-33825 (Defender EoP). The patch load includes 20 RCEs and 94 elevation-of-privilege vulnerabilities, with IKE (CVE-2026-33824, CVSS 9.8) and multiple Office RCEs requiring immediate attention.

SRF: Application · SRF: Os · TAC: TA0004 · TAC: TA0002 · TAC: TA0003 · VND: Microsoft · VND: Google · VND: Adobe
CVSS v3.1: 9.8 · Score: 68

2026-04-16 23:44Z
INFO

v9.0.2-rc1

BloodHound releases · github.com

BloodHound v9.0.2-rc1 release candidate published with bug fixes for cipher support (BED-8029) and Azure post-processing failures with PostgreSQL (BED-8031). This is a pre-release version containing 4 commits since v9.0.1.

VND: Bloodhound · VND: Specter Ops · TYP: Tool
Score: 25

2026-04-16 23:19Z
MED

WerReportCreate API

Hexacorn · hexacorn.com

Hexacorn documents the WerReportCreate API, a Windows error reporting mechanism used across native OS binaries and libraries. The research catalogs how various system components invoke this API with unique event names for diagnostic purposes, revealing the breadth of Windows error reporting infrastructure.

SRF: Os · TAC: TA0007 · VND: Microsoft · TYP: Research · TEC: T1014
Score: 62

2026-04-16 22:16Z
HIGH

CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41113

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. CVSSv3.1 8.1 (HIGH) · EPSS 26th percentile

CWE: CWE-78 · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-04-16 19:44Z
CRIT

CVE-2026-33032: Nginx UI Missing MCP Authentication

Rapid7 Research · rapid7.com · CVE-2026-33032 · CVE-2026-27944 · in the wild

CVE-2026-33032 is a critical missing authentication vulnerability (CVSS 9.8) in Nginx UI that allows unauthenticated attackers to access a Model Context Protocol (MCP) server capable of performing privileged operations on managed Nginx instances. The vulnerability is being actively exploited in the wild as part of a two-stage attack chain with CVE-2026-27944 (information leak), affecting versions 2.3.5 and below. Patched in version 2.3.6.

SRF: Application · TAC: TA0001 · TAC: TA0007 · SRF: Web · VND: Nginx · TYP: Vulnerability · TYP: Advisory · STG: Discovery
Score: 82

2026-04-16 18:16Z
CRIT

CVE-2026-27820 — Ruby-lang Zlib: Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capaci CVSSv3.1 9.8 (CRITICAL) · EPSS 2nd percentile

CWE: CWE-120 · CWE: CWE-131 · VND: Ruby Lang · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99