ScanForge Security Digest 2618-01

200 items
24 critical, 66 high, 10 news

This week saw moderate vulnerability activity with 24 critical CVEs and 66 high-severity issues reported, though no new actively exploited vulnerabilities were added to CISA's catalog. Notable threats include a remote code execution vulnerability in the widely used llama.cpp library, SQL injection flaws in Saltcorn database applications, and web shell upload capabilities in 7oroof Medcity systems, all requiring prompt patching. Recent security news highlights an uptick in supply chain attacks through legitimate repositories, account takeover campaigns targeting financial platforms, and continued exploitation of cloud infrastructure, indicating threat actors are diversifying tactics beyond traditional vulnerability exploitation. Organizations should prioritize patching the identified critical CVEs affecting their deployed infrastructure, enforce strict code review practices for open-source dependencies, and implement enhanced monitoring for suspicious account activities and cloud access patterns. The absence of KEV entries this period provides a brief window to address known critical risks before active exploitation becomes widespread.

Security News

Robinhood account creation flaw abused to send phishing emails (Bleeping Computer)

Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions (Bleeping Computer)

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious

UNC6692 Combines Social Engineering, Malware, Cloud Abuse (Dark Reading)

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ca

Canada arrests three for operating “SMS blaster” device in Toronto (Bleeping Computer)

Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower

Alleged Silk Typhoon hacker extradited to US for cyberespionage (Bleeping Computer)

A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradit

FTC: Americans lost over $2.1 billion to social media scams in 2025 (Bleeping Computer)

The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, excee

Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation (Dark Reading)

A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Pro

PyPI package with 1.1M monthly downloads hacked to push infostealer (Bleeping Computer)

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensi

Content aggregated from NIST/NVD, CISA, CERT/CC, and public security news sources. External articles are linked to their original source.