Daily CVE Report: Zero New Vulnerabilities Published, But Medium-Severity Flaws in FreeScout, OpenViking, and Wikimedia Persist

In a notable anomaly, the daily CVE feed for April 8, 2026, reported zero new vulnerabilities published in the preceding 24 hours, despite a persistent backdrop of active, medium-severity flaws in widely used open-source software. This quiet period stands in contrast to the ongoing exposure from existing CVEs, which continue to pose risks to organizational security postures. The highest CVSS score among tracked vulnerabilities remains a critical 10, underscoring the latent threat environment even on a day with no new entries.

The report details three specific medium-severity vulnerabilities currently in circulation. CVE-2026-35584 (CVSS 6.9) affects FreeScout, a popular open-source help desk built on Laravel, where an unauthenticated endpoint could expose conversation data. Similarly, CVE-2026-22680 (CVSS 6.9) impacts OpenViking versions before 0.3.3, allowing unauthorized access to background task metadata due to a missing authorization check. A third entry, CVE-2026-22711 (CVSS 6.9), points to an improper neutralization vulnerability within software from The Wikimedia Foundation, highlighting cross-site scripting risks in a major platform.

This snapshot reveals a critical operational reality for security teams: the absence of new CVEs does not equate to safety. The persistent medium-severity flaws in foundational tools like help desks, task managers, and content platforms represent tangible, unpatched attack vectors. Organizations relying on FreeScout, OpenViking, or affected Wikimedia software must prioritize applying available patches or mitigations. The report signals that vigilance must be maintained against known, exploitable weaknesses, as the threat landscape is defined as much by existing vulnerabilities as by the daily influx of new ones.