| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42192 | Plunk: Stored XSS in campaign view | useplunk | plunk | Medium | 5.4 | 2026-05-08 21:13:25 | Deep Dive |
| CVE-2026-42193 | Plunk: SNS webhook forgery | useplunk | plunk | Critical | 9.1 | 2026-05-08 21:12:26 | Deep Dive |
| CVE-2026-44400 | MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin | MailEnable | MailEnable Enterprise Premium | High | 8.1 | 2026-05-08 20:22:44 | Deep Dive |
| CVE-2026-7807 | SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API | SmarterTools Inc. | SmarterMail | High | 8.1 | 2026-05-08 19:54:33 | Deep Dive |
| CVE-2026-42189 | Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth | Eugeny | russh | High | 7.5 | 2026-05-08 19:49:51 | Deep Dive |
| CVE-2026-42160 | Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend | sovity | dataspace-portal | - | - | 2026-05-08 19:47:00 | Deep Dive |
| CVE-2026-42190 | RedwoodSDK: Same-site CSRF in server actions | redwoodjs | sdk | Medium | 5.3 | 2026-05-08 19:35:18 | Deep Dive |
| CVE-2026-42180 | Lemmy: SSRF in /api/v3/post via Webmention dispatch | LemmyNet | lemmy | Medium | 6.3 | 2026-05-08 19:29:04 | Deep Dive |
| CVE-2026-42181 | Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image | LemmyNet | lemmy | Medium | 6.5 | 2026-05-08 19:26:08 | Deep Dive |
| CVE-2026-42185 | People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation | suitenumerique | people | Medium | 5.5 | 2026-05-08 19:23:01 | Deep Dive |
| CVE-2026-42176 | Scoold: Persistent Admin Takeover by Overwriting the admins Configuration Setting via Forged JWT (missing `jti` validation) | Erudika | scoold | Medium | 6.7 | 2026-05-08 19:16:36 | Deep Dive |
| CVE-2026-44694 | n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths | czlonkowski | n8n-mcp | - | - | 2026-05-08 19:12:05 | Deep Dive |
| CVE-2026-42282 | n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode | czlonkowski | n8n-mcp | Medium | 4.3 | 2026-05-08 19:07:14 | Deep Dive |
| CVE-2026-41495 | n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests | czlonkowski | n8n-mcp | Medium | 5.3 | 2026-05-08 18:58:25 | Deep Dive |
| CVE-2026-41511 | OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle | ironfede | openmcdf | Medium | 6.2 | 2026-05-08 18:52:39 | Deep Dive |
| CVE-2026-29202 | cPanel input validation error vulnerability | WebPros | cPanel | - | - | 2026-05-08 18:51:06 | Deep Dive |
| CVE-2026-29203 | cPanel security vulnerability | WebPros | cPanel | - | - | 2026-05-08 18:51:06 | Deep Dive |
| CVE-2026-29201 | cPanel input validation error vulnerability | WebPros | cPanel | - | - | 2026-05-08 18:51:06 | Deep Dive |
| CVE-2026-8178 | Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver | Amazon | Amazon Redshift JDBC Driver | High | 8.1 | 2026-05-08 18:36:47 | Deep Dive |
| CVE-2026-6659 | Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts | RSAVAGE | Crypt::PasswdMD5 | - | - | 2026-05-08 17:17:01 | Deep Dive |