| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-56079 | Capgo - Cross-Tenant Authorization Bypass via PostgREST Webhook Access | Capgo | Capgo | Medium | 6.5 | 2026-06-19 21:39:20 | Deep Dive |
| CVE-2026-56080 | Cap-go - Authentication Logic Flaw in Enforce Password Policy | Cap-go | capgo | Medium | 4.9 | 2026-06-19 21:39:20 | Deep Dive |
| CVE-2026-56073🧪 | Cap-go - OTP Bypass via Response Manipulation in Email Verification | Cap-go | capgo | Critical | 9.4 | 2026-06-19 21:39:19 | Deep Dive |
| CVE-2026-47645 | Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability | Microsoft | Microsoft 365 Copilot | High | 8.8 | 2026-06-19 20:29:42 | Deep Dive |
| CVE-2026-48582 | Microsoft Exchange Online Elevation of Privilege Vulnerability | Microsoft | Microsoft Exchange Online | Critical | 9.6 | 2026-06-19 20:29:42 | Deep Dive |
| CVE-2026-50519 | Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability | Microsoft | GitHub Copilot Chat | Medium | 6.5 | 2026-06-19 20:28:35 | Deep Dive |
| CVE-2026-48584 | Microsoft Azure Synapse Elevation of Privilege Vulnerability | Microsoft | Azure Synapse | Critical | 9.9 | 2026-06-19 20:27:48 | Deep Dive |
| CVE-2026-42895 | Microsoft Copilot Tampering Vulnerability | Microsoft | Microsoft 365 Copilot | Medium | 6.5 | 2026-06-19 20:27:47 | Deep Dive |
| CVE-2026-45480 | Azure Active Directory Elevation of Privilege Vulnerability | Microsoft | Azure Active Directory | Critical | 10.0 | 2026-06-19 20:27:46 | Deep Dive |
| CVE-2026-32208 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Microsoft | Microsoft Edge (Chromium-based) | High | 8.8 | 2026-06-19 20:27:45 | Deep Dive |
| CVE-2026-50559 | Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities | quarkusio | quarkus | High | 7.5 | 2026-06-19 20:26:39 | Deep Dive |
| CVE-2026-48794 | Authelia has an Edge Case Access Control Rule Mismatch | authelia | authelia | - | - | 2026-06-19 20:23:04 | Deep Dive |
| CVE-2026-47203 | Authelia Missing Username Canonicalization in Basic Auth (LDAP) | authelia | authelia | - | - | 2026-06-19 20:19:48 | Deep Dive |
| CVE-2026-48129 | Kestra task inputFiles accepts traversal filenames for worker file writes | kestra-io | kestra | Medium | 6.5 | 2026-06-19 20:16:24 | Deep Dive |
| CVE-2026-49346 | libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow | strukturag | libde265 | High | 7.1 | 2026-06-19 20:12:15 | Deep Dive |
| CVE-2026-49295 | libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS | strukturag | libde265 | High | 7.1 | 2026-06-19 20:09:23 | Deep Dive |
| CVE-2026-49337 | libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL` | strukturag | libde265 | Medium | 4.3 | 2026-06-19 19:53:19 | Deep Dive |
| CVE-2026-48787 | gin-vue-admin vulnerable to RCE | flipped-aurora | gin-vue-admin | - | - | 2026-06-19 19:46:42 | Deep Dive |
| CVE-2026-48089 | DevGuard has improper authorization on public assets | l3montree-dev | devguard | - | - | 2026-06-19 19:38:04 | Deep Dive |
| CVE-2026-48774 | ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract | sysown | proxysql | High | 7.5 | 2026-06-19 19:34:40 | Deep Dive |