| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44497 | ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer | ZcashFoundation | zebra | - | - | 2026-05-08 15:08:09 | Deep Dive |
| CVE-2026-41585 | ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients | ZcashFoundation | zebra | - | - | 2026-05-08 15:06:15 | Deep Dive |
| CVE-2026-41584 | ZEBRA: rk Identity Point Panic in Transaction Verification | ZcashFoundation | zebra | - | - | 2026-05-08 15:05:06 | Deep Dive |
| CVE-2026-41583 | ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling | ZcashFoundation | zebra | - | - | 2026-05-08 14:55:50 | Deep Dive |
| CVE-2026-41588 | RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() | inducer | relate | Critical | 9.0 | 2026-05-08 14:51:05 | Deep Dive |
| CVE-2026-41576 | Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template | Ajax30 | BraveCMS-2.0 | High | 7.1 | 2026-05-08 14:50:41 | Deep Dive |
| CVE-2026-41524 | Ajax30/BraveCMS-2.0: Stored XSS in Page / Article Content | Ajax30 | BraveCMS-2.0 | High | 8.7 | 2026-05-08 14:50:26 | Deep Dive |
| CVE-2026-41575 | th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability | th30d4y | IP | Medium | 6.1 | 2026-05-08 14:42:24 | Deep Dive |
| CVE-2026-41574 | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass | nhost | nhost | - | - | 2026-05-08 14:40:12 | Deep Dive |
| CVE-2026-41570 | PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes | sebastianbergmann | phpunit | High | 7.8 | 2026-05-08 14:33:52 | Deep Dive |
| CVE-2026-41308 | Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication | pglombardo | PasswordPusher | Medium | 6.5 | 2026-05-08 14:30:38 | Deep Dive |
| CVE-2026-41487 | Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys | langfuse | langfuse | - | - | 2026-05-08 14:27:49 | Deep Dive |
| CVE-2026-43475 | scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT | Linux | Linux | - | - | 2026-05-08 14:22:34 | Deep Dive |
| CVE-2026-43474 | fs: init flags_valid before calling vfs_fileattr_get | Linux | Linux | - | - | 2026-05-08 14:22:33 | Deep Dive |
| CVE-2026-43473 | scsi: mpi3mr: Add NULL checks when resetting request and reply queues | Linux | Linux | - | - | 2026-05-08 14:22:32 | Deep Dive |
| CVE-2026-43472 | unshare: fix unshare_fs() handling | Linux | Linux | - | - | 2026-05-08 14:22:32 | Deep Dive |
| CVE-2026-43471 | scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() | Linux | Linux | - | - | 2026-05-08 14:22:31 | Deep Dive |
| CVE-2026-43470 | nfs: return EISDIR on nfs3_proc_create if d_alias is a dir | Linux | Linux | - | - | 2026-05-08 14:22:30 | Deep Dive |
| CVE-2026-43469 | xprtrdma: Decrement re_receiving on the early exit paths | Linux | Linux | High | 7.5 | 2026-05-08 14:22:30 | Deep Dive |
| CVE-2026-43468 | net/mlx5: Fix deadlock between devlink lock and esw->wq | Linux | Linux | - | - | 2026-05-08 14:22:29 | Deep Dive |