CVE-2026-6859: A flaw was found Vulnerability - Sherlock
A flaw was found vulnerability (CVE-2026-6859) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
Weekly Roundup
Security Roundup: April 17 to April 24, 2026
Weekly cybersecurity vulnerability roundup from Sherlock Forensics. 43 critical and high-severity CVEs analyzed from April 17 to April 24, 2026 with impact assessment and remediation guidance.
43 Vulnerabilities This Week
Critical findings
CVE-2026-5935: IBM Total Storage Service Remote code
IBM Total Storage Service remote code execution (CVE-2026-5935) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41468: Beghelli Sicuro24 SicuroWeb embeds
Beghelli Sicuro24 SicuroWeb embeds vulnerability (CVE-2026-41468) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3621: IBM WebSphere Application Server
IBM WebSphere Application Server vulnerability (CVE-2026-3621) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41455: WeKan before 8.35 server-side request
WeKan before 8.35 server-side request vulnerability (CVE-2026-41455) scores CVSS 8.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41454: WeKan before 8.35 missing authorization
WeKan before 8.35 missing authorization vulnerability (CVE-2026-41454) scores CVSS 8.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6832: Hermes WebUI Directory Traversal CVSS 8.1 HIGH
Hermes WebUI directory traversal (CVE-2026-6832) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40520: FreePBX RCE CVSS 7.2 HIGH
FreePBX API module remote code execution (CVE-2026-40520) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34282: Oracle Denial of Service CVSS 7.5 HIGH
Oracle denial of service vulnerability (CVE-2026-34282) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4132: HTTP Headers Plugin RCE CVSS 7.2 HIGH
HTTP Headers plugin remote code execution (CVE-2026-4132) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33519: Incorrect Authorization CVSS 9.8 CRITICAL
Incorrect authorization vulnerability (CVE-2026-33519) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34305: Oracle CVSS 7.5 HIGH
Oracle vulnerability (CVE-2026-34305) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34292: Oracle CVSS 7.2 HIGH
Oracle vulnerability (CVE-2026-34292) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-22016: Oracle CVSS 7.5 HIGH
Oracle vulnerability (CVE-2026-22016) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5478: The Everest Forms plugin File read | Sherlock
The Everest Forms plugin file read (CVE-2026-5478) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6631 Analysis: CVSS 8.8 HIGH
A vulnerability was determined buffer overflow (CVE-2026-6631) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41296: OpenClaw before 2026.3.31 contains File read
OpenClaw before 2026.3.31 contains file read (CVE-2026-41296) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34428: Vvveb prior to 1.0.8.1 contains File read |
Vvveb prior to 1.0.8.1 contains file read (CVE-2026-34428) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6249: Vvveb CMS 1.0.8 contains Remote code executio
Vvveb CMS 1.0.8 contains remote code execution (CVE-2026-6249) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-39918: Vvveb prior to 1.0.8.1 contains Remote code
Vvveb prior to 1.0.8.1 contains remote code execution (CVE-2026-39918) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6662 Analysis: CVSS 7.3 HIGH
A vulnerability was found vulnerability (CVE-2026-6662) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6635: A security vulnerability has Vulnerability |
A security vulnerability has vulnerability (CVE-2026-6635) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41297: OpenClaw before 2026.3.31 contains Vulnerabi
OpenClaw before 2026.3.31 contains vulnerability (CVE-2026-41297) scores CVSS 7.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41329: OpenClaw before 2026.3.31 contains Privilege
OpenClaw before 2026.3.31 contains privilege escalation (CVE-2026-41329) scores CVSS 9.9 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41299: OpenClaw before 2026.3.28 contains Access co
OpenClaw before 2026.3.28 contains access control (CVE-2026-41299) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6248: The wpForo Forum plugin Remote code execution
The wpForo Forum plugin remote code execution (CVE-2026-6248) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6568 Analysis: CVSS 7.3 HIGH
A vulnerability was determined directory traversal (CVE-2026-6568) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6602 Analysis: CVSS 7.3 HIGH
A vulnerability was found vulnerability (CVE-2026-6602) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6596 Analysis: CVSS 7.3 HIGH
CVE-2026-6596 scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5966: ThreatSonar Anti-Ransomware developed by Dire
ThreatSonar Anti-Ransomware developed by directory traversal (CVE-2026-5966) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6581 Analysis: CVSS 8.8 HIGH
A vulnerability was detected buffer overflow (CVE-2026-6581) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6605 Analysis: CVSS 7.3 HIGH
CVE-2026-6605 scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6604 Analysis: CVSS 7.3 HIGH
A vulnerability was identified vulnerability (CVE-2026-6604) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6603 Analysis: CVSS 7.3 HIGH
A vulnerability was determined code injection (CVE-2026-6603) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6569 Analysis: CVSS 7.3 HIGH
A vulnerability was identified vulnerability (CVE-2026-6569) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6580: A security vulnerability has Vulnerability |
A security vulnerability has vulnerability (CVE-2026-6580) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6574 Analysis: CVSS 7.3 HIGH
A vulnerability has been vulnerability (CVE-2026-6574) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5710 Analysis: CVSS 7.5 HIGH
The Drag and Drop directory traversal (CVE-2026-5710) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-6518 Analysis: CVSS 8.8 HIGH
The CMP – Coming remote code execution (CVE-2026-6518) scores CVSS 8.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40525: Auth Bypass CVSS 9.1 | Sherlock Forensics
OpenViking prior to commit c7bb167 authentication bypass (CVE-2026-40525) scores CVSS 9.1 CRITICAL. Analysis of affected systems, exploitation risk and.
CVE-2026-40515 Analysis: CVSS 7.5 HIGH
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40515) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and.
CVE-2026-2262 Analysis: CVSS 7.5 HIGH
The Easy Appointments plugin vulnerability (CVE-2026-2262) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40516 Analysis: CVSS 8.3 HIGH
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40516) scores CVSS 8.3 HIGH. Analysis of affected systems, exploitation risk and.