| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41507 | Remote Code Execution (RCE) via String Literal Injection into math-codegen | mauriciopoppe | math-codegen | Critical | 9.8 | 2026-05-08 13:49:34 | Deep Dive |
| CVE-2026-41509 | Integer underflow in crypto_sign_open() leads to buffer overflow | CROSS-signature | CROSS-implementation | - | - | 2026-05-08 13:47:18 | Deep Dive |
| CVE-2026-41506 | go-git Credential leak via cross-host redirect in smart HTTP transport | go-git | go-git | Medium | 4.7 | 2026-05-08 13:43:20 | Deep Dive |
| CVE-2026-43350 | smb: client: require a full NFS mode SID before reading mode bits | Linux | Linux | High | 7.6 | 2026-05-08 13:41:53 | Deep Dive |
| CVE-2026-43349 | f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer | Linux | Linux | - | - | 2026-05-08 13:41:53 | Deep Dive |
| CVE-2026-43348 | mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER | Linux | Linux | - | - | 2026-05-08 13:41:52 | Deep Dive |
| CVE-2026-43347 | arm64: dts: qcom: monaco: Reserve full Gunyah metadata region | Linux | Linux | High | 7.5 | 2026-05-08 13:39:33 | Deep Dive |
| CVE-2026-43346 | ice: ptp: don't WARN when controlling PF is unavailable | Linux | Linux | Medium | - | 2026-05-08 13:39:32 | Deep Dive |
| CVE-2026-43345 | net: ipa: fix event ring index not programmed for IPA v5.0+ | Linux | Linux | High | 7.5 | 2026-05-08 13:39:31 | Deep Dive |
| CVE-2026-43344 | perf/x86/intel/uncore: Fix die ID init and look up bugs | Linux | Linux | Medium | - | 2026-05-08 13:39:31 | Deep Dive |
| CVE-2026-44340 | PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | MervinPraison | PraisonAI | - | - | 2026-05-08 13:38:48 | Deep Dive |
| CVE-2026-39816 | Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService | Apache Software Foundation | Apache NiFi | - | - | 2026-05-08 13:38:13 | Deep Dive |
| CVE-2026-43343 | usb: gadget: f_subset: Fix unbalanced refcnt in geth_free | Linux | Linux | - | - | 2026-05-08 13:37:21 | Deep Dive |
| CVE-2026-43342 | usb: gadget: f_rndis: Protect RNDIS options with mutex | Linux | Linux | - | - | 2026-05-08 13:37:20 | Deep Dive |
| CVE-2026-43340 | comedi: Reinit dev->spinlock between attachments to low-level drivers | Linux | Linux | - | - | 2026-05-08 13:37:19 | Deep Dive |
| CVE-2026-43341 | net/ipv6: ioam6: prevent schema length wraparound in trace fill | Linux | Linux | Critical | 9.8 | 2026-05-08 13:37:19 | Deep Dive |
| CVE-2026-44339 | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | MervinPraison | PraisonAI | High | 8.6 | 2026-05-08 13:37:10 | Deep Dive |
| CVE-2026-44338 | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | MervinPraison | PraisonAI | High | 7.3 | 2026-05-08 13:35:45 | Deep Dive |
| CVE-2026-44337 | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | MervinPraison | PraisonAI | Medium | 6.3 | 2026-05-08 13:33:52 | Deep Dive |
| CVE-2026-44336 | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | MervinPraison | PraisonAI | - | - | 2026-05-08 13:32:34 | Deep Dive |