| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-66467 | Apache CloudStack: MinIO policy remains intact on bucket deletion | Apache Software Foundation | Apache CloudStack | High | 8.0 | 2026-05-08 12:16:05 | Deep Dive |
| CVE-2025-66172 | Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:13:18 | Deep Dive |
| CVE-2026-8077 | Weak credentials vulnerability in the CashDro 3 web administration panel | CashDro | CashDro 3 Administration Panel | - | - | 2026-05-08 12:12:56 | Deep Dive |
| CVE-2025-66171 | Apache CloudStack: Any user can create a new VM from backups they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:11:04 | Deep Dive |
| CVE-2025-66170 | Apache CloudStack: Any user can list backups that they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:06:32 | Deep Dive |
| CVE-2026-8076 | Weak credentials vulnerability in the CashDro 3 web administration panel | CashDro | CashDro 3 Administration Panel | - | - | 2026-05-08 11:55:53 | Deep Dive |
| CVE-2026-8153 | Command injection in Dashboard Server interface | Universal Robots | PolyScope 5 | Critical | 9.8 | 2026-05-08 11:45:18 | Deep Dive |
| CVE-2026-3318 | Multiple vulnerabilities in Cradle e-commerce | Cradle | e-commerce | - | - | 2026-05-08 11:24:53 | Deep Dive |
| CVE-2026-7475 | Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2026-05-08 09:26:48 | Deep Dive |
| CVE-2026-7650 | E2Pdf – Export Pdf Tool for WordPress <= 1.32.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | oleksandrz | E2Pdf – Export Pdf Tool for WordPress | Medium | 6.4 | 2026-05-08 09:26:47 | Deep Dive |
| CVE-2026-5341 | NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | mirceatm | NMR Strava activities | Medium | 6.4 | 2026-05-08 09:26:47 | Deep Dive |
| CVE-2026-6213 | Remote Spark SparkView RCE | Remote Spark (https://www.remotespark.com/) | SparkView | - | - | 2026-05-08 09:04:24 | Deep Dive |
| CVE-2026-7330 | Auto Affiliate Links <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting via 'url' Parameter | thedark | Auto Affiliate Links | High | 7.2 | 2026-05-08 08:26:33 | Deep Dive |
| CVE-2026-5127 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | High | 8.8 | 2026-05-08 08:26:33 | Deep Dive |
| CVE-2013-10075 | Apache::Session versions through 1.94 for Perl re-creates deleted sessions | CHORNY | Apache::Session | - | - | 2026-05-08 07:44:13 | Deep Dive |
| CVE-2026-43284 | xfrm: esp: avoid in-place decrypt on shared skb frags | Linux | Linux | High | 8.8 | 2026-05-08 07:21:48 | Deep Dive |
| CVE-2026-44928 | Uriparser 安全漏洞 | uriparser | uriparser | Low | 2.9 | 2026-05-08 07:15:28 | Deep Dive |
| CVE-2026-44927 | Uriparser 安全漏洞 | uriparser | uriparser | Low | 2.9 | 2026-05-08 07:13:05 | Deep Dive |
| CVE-2026-44916 | OpenStack Ironic 安全漏洞 | OpenStack | Ironic | Low | 3.0 | 2026-05-08 06:38:37 | Deep Dive |
| CVE-2026-8149 | GCM chunking can lead to bad tag exception on decryption | Legion of the Bouncy Castle Inc. | BC-FJA | - | - | 2026-05-08 06:01:41 | Deep Dive |