2026-04-08 02:16Z · CRIT

CVE-2026-3296 — Everest: The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated attackers to inject a serialized PHP object payload through any public Everest Forms

CVSS v3.1: 9.8 (CRITICAL)
CWE-502 · Vendor: Everest · Type: Vulnerability
Score: 99

2026-04-08 02:16Z · HIGH

CVE-2026-33810 — Golang Go: When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVSS v3.1: 8.2 (HIGH)
CWE-1289, CWE-295 · Type: Vulnerability
Score: 91

2026-04-08 02:16Z · CRIT

CVE-2026-27143 — Arithmetic: As a result, the compiler would allow for invalid indexing to occur at runtime

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27143

Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the compiler would allow invalid indexing to occur at runtime, potentially leading to memory corruption.

CVSS v3.1: 9.8 (CRITICAL)
Vendor: Arithmetic · Type: Vulnerability
Score: 99

2026-04-08 02:16Z · HIGH

CVE-2026-27140 — SWIG: file names containing 'cgo' and well-crafted payloads could lead to code smuggling and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CVSS v3.1: 8.8 (HIGH)
Vendor: SWIG · Type: Vulnerability
Score: 94

2026-04-08 01:16Z · HIGH

CVE-2026-4788 — IBM Tivoli Netcool/Impact: Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4788

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

CVSS v3.1: 8.4 (HIGH)
CWE-532 · Vendor: IBM · Type: Vulnerability
Score: 92

2026-04-08 01:16Z · HIGH

CVE-2026-3357 — Langflow Langflow: IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

CVSS v3.1: 8.8 (HIGH)
CWE-502 · Vendor: IBM, Langflow · Type: Vulnerability
Score: 94

2026-04-08 01:16Z · CRIT

CVE-2026-1346 — IBM Security Verify Access: Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-1346

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.

CVSS v3.1: 9.3 (CRITICAL)
CWE-250 · Vendor: IBM · Type: Vulnerability
Score: 97

2026-04-08 00:16Z · HIGH

CVE-2026-1342 — IBM Security Verify Access: Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-1342

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CVSS v3.1: 8.5 (HIGH)
CWE-829 · Vendor: IBM · Type: Vulnerability
Score: 93

2026-04-07 23:15Z · INFO

v9.0.0-rc2

BloodHound releases · github.com

BloodHound v9.0.0-rc2 released with bug fixes and feature additions including query space handling, user-agent parsing correction, DAWGS dependency bump, and new Azure ingestion support for AZContributor on management groups, resource groups, and subscriptions.

Surface: Application · Vendor: SpecterOps · Type: Tool · Stage: Recon
Score: 35

2026-04-07 22:16Z · CRIT

CVE-2026-39847 — Emmett: From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39847

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /__emmett__/../rsgi/handlers.py) to read arbitrary files outside the assets directory. This vulnerability is fixed in 2.8.1.

CVSS v3.1: 9.1 (CRITICAL)
CWE-22 · Vendor: Emmett · Type: Vulnerability
Score: 96

2026-04-07 22:16Z · CRIT

CVE-2026-39846 — SiYuan: Prior to 3.6.4, a malicious note synced to another user can trigger remote code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39846

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIsolation disabled, attacker-controlled JavaScript executes with access to Node.js

CVSS v3.1: 9.0 (CRITICAL)
CWE-94, CWE-79 · Vendor: SiYuan · Type: Vulnerability
Score: 95

2026-04-07 22:16Z · CRIT

CVE-2026-34582 — Botan Project Botan: Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

CVSS v3.1: 9.1 (CRITICAL)
CWE-841, CWE-166 · Vendor: Botan Project, Botan · Type: Vulnerability
Score: 96

2026-04-07 22:16Z · CRIT

CVE-2026-34078 — Flatpak Flatpak: Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34078

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

CVSS v3.1: 10.0 (CRITICAL) · EPSS 13th percentile
CWE-61 · Vendor: Flatpak · Type: Vulnerability
Score: 100

2026-04-07 22:16Z · CRIT

CVE-2026-31789 — OpenSSL: Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which a

CVSS v3.1: 9.8 (CRITICAL)
CWE-787 · Vendor: OpenSSL · Type: Vulnerability
Score: 99

2026-04-07 22:16Z · HIGH

CVE-2026-28387 — OpenSSL: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-E

CVSS v3.1: 8.1 (HIGH)
CWE-416 · Vendor: OpenSSL · Type: Vulnerability
Score: 91

2026-04-07 22:16Z · HIGH

CVE-2026-28386 — OpenSSL: Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to o

CVSS v3.1: 7.5 (HIGH) · EPSS 15th percentile
CWE-125 · Vendor: OpenSSL · Type: Vulnerability
Score: 88

2026-04-07 21:17Z · CRIT

CVE-2026-39397 — PayloadCMS: @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39397

@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The access option passed to createPuckPlugin() and any access rules defined on Puck-registered collections were silently ignored on these endpoints. This vulnerability is fixed in 0.6.

CVSS v3.1: 9.4 (CRITICAL)
CWE-862 · Vendor: PayloadCMS · Type: Vulnerability
Score: 97

2026-04-07 21:17Z · HIGH

CVE-2026-34045 — Podman: Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34045

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose intern

CVSS v3.1: 8.2 (HIGH)
CWE-284, CWE-209, CWE-400 · Vendor: Podman · Type: Vulnerability
Score: 91

2026-04-07 20:16Z · HIGH

CVE-2026-39371 — Rwsdk RedwoodSDK: In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39371

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on top-level GET requests. This affected all server functions -- both serverAction() handlers and bare exported functions in

CVSS v3.1: 8.1 (HIGH) · EPSS 0th percentile
CWE-352 · Vendor: RedwoodSDK, Rwsdk · Type: Vulnerability
Score: 91

2026-04-07 20:16Z · HIGH

CVE-2026-39322 — PolarLearn PolarLearn: In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and authenticated actions as the banned user.

CVSS v3.1: 8.8 (HIGH)
CWE-287 · Vendor: PolarLearn · Type: Vulnerability
Score: 94

2026-04-07 20:16Z · CRIT

CVE-2025-69515 — JXL: An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

CVSS v3.1: 9.1 (CRITICAL)
CWE-941 · Vendor: JXL · Type: Vulnerability
Score: 96

2026-04-07 19:32Z · CRIT

10 Minutes with Claude: Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)

CVE-2026-34197 is a critical RCE in Apache ActiveMQ Classic that chains the Jolokia API, network connector functionality, and VM transport to force remote Spring XML configuration loading and arbitrary code execution. The vulnerability requires authentication (default admin:admin credentials are common), but becomes unauthenticated on versions 6.0.0–6.1.1 due to CVE-2024-32114. Patches are available in ActiveMQ 5.19.4 and 6.2.3.

CVSS v3.1: 8.8
Surface: Application, Network · Tactic: TA0002, TA0003 · Vendor: Apache, ActiveMQ · Type: Writeup, Exploit
Score: 92

2026-04-07 19:30Z · CRIT

CVE-2026-34197 — Apache ActiveMQ: The vulnerability affects versions before 5.19.4 and 6.0.0 before 6.2.3, and becomes

Horizon3.ai · horizon3.ai · CVE-2026-34197, CVE-2024-32114

CVE-2026-34197 is an authenticated remote code execution vulnerability in Apache ActiveMQ Classic's Jolokia JMX-HTTP bridge that allows attackers to inject malicious Spring XML configurations via crafted URIs to broker management operations (addNetworkConnector, addConnector). The vulnerability affects versions before 5.19.4 and 6.0.0 before 6.2.3, and becomes unauthenticated RCE when combined with CVE-2024-32114. Apache released patches on March 30, 2026, with public disclosure on April 7, 2026.

CVSS v3.1: 8.8
Surface: Application, Web · Tactic: TA0002, TA0003 · Vendor: Apache ActiveMQ · Type: Exploit, Vulnerability · Stage: Execution
Score: 92

2026-04-07 19:16Z · CRIT

CVE-2026-39355 — Kreaweb Genealogy: Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39355

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users' team workspaces and unrestricted access to all genealogy data associated with the compromised team. This vulnerability is fixed in 5.9.1.

CVSS v3.1: 9.9 (CRITICAL)
CWE-862 · Vendor: Kreaweb, Genealogy · Type: Vulnerability
Score: 100

2026-04-07 19:16Z · CRIT

CVE-2026-39351 — Frappe Frappe: Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39351

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

CVSS v3.1: 9.1 (CRITICAL)
CWE-862 · Vendor: Frappe · Type: Vulnerability
Score: 96