What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- High · Advisory · Cisco PSIRT — security advisories · 24 Apr 2026 · summary pending
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 24 Apr 2026 · summary pending
CVE-2026-5364 — The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulner…
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 24 Apr 2026 · summary pending
CVE-2026-6947 — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Byp…
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41361 — OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fail…
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41359 — OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowin…
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write cred
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability i…
OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiti
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in th…
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41352 — OpenClaw before 2026.3.31 contains a remote code execution vulnerability where…
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system withou
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41349 — OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allo…
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41347 — OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endp…
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy dep
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41342 — OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in th…
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding t
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41336 — OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_…
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execut
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-32172 — Uncontrolled search path element in Microsoft Power Apps allows an unauthorized…
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-26150 — Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized…
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-6940 — radare2 prior to 6.1.4 contains a path traversal vulnerability in project delet…
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft a
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41279 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request b
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41278 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this i
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41277 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41275 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introd
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41273 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41271 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the s
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41270 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protectio
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41269 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41266 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentica
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41138 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly app
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41137 — Flowise is a drag & drop user interface to build a customized large language mo…
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-34003 — A flaw was found in the X.Org X server's XKB key types request validation. A lo…
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive inform
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-34001 — A flaw was found in the X.Org X server. This use-after-free vulnerability occur…
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, le
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-33999 — A flaw was found in the X.Org X server. This integer underflow vulnerability, s…
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violati
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
CVE-2026-41461 — SocialEngine versions 7.8.0 and prior contain a blind server-side request forge…
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requ
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.