| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4935 | SureTriggers < 1.1.23 – Unauthenticated SQLi | Unknown | OttoKit: All-in-One Automation Platform | - | - | 2026-05-08 06:00:05 | Deep Dive |
| CVE-2026-8069 | PredatorSense V3: Local Privilege Escalation (LPE) vulnerability | Acer | PredatorSense V3 | - | - | 2026-05-08 05:57:23 | Deep Dive |
| CVE-2026-8148 | NAVER MYBOX Explorer for Windows security vulnerability | NAVER | NAVER MYBOX Explorer | - | - | 2026-05-08 04:36:13 | Deep Dive |
| CVE-2026-8138 | Tenda CX12L SetPptpServerCfg formSetPPTPServer stack-based overflow | Tenda | CX12L | High | 8.8 | 2026-05-08 04:15:10 | Deep Dive |
| CVE-2026-8137 | Totolink X5000R formDdns sub_458E40 buffer overflow | Totolink | X5000R | High | 8.8 | 2026-05-08 04:00:13 | Deep Dive |
| CVE-2026-42279 | solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID | solidtime-io | solidtime | Medium | 5.8 | 2026-05-08 03:57:32 | Deep Dive |
| CVE-2026-42278 | UltraDAG: Smart Account Spending Policy Bypass via Pockets | UltraDAGcom | core | - | - | 2026-05-08 03:55:01 | Deep Dive |
| CVE-2026-42277 | Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users' files | onyx-dot-app | onyx | Medium | 6.5 | 2026-05-08 03:51:12 | Deep Dive |
| CVE-2026-42276 | Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users' chat sessions | onyx-dot-app | onyx | Medium | 4.3 | 2026-05-08 03:49:57 | Deep Dive |
| CVE-2026-42275 | zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write | openziti | zrok | High | 8.7 | 2026-05-08 03:45:57 | Deep Dive |
| CVE-2026-8136 | SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting | SourceCodester | Pharmacy Sales and Inventory System | Low | 2.4 | 2026-05-08 03:45:09 | Deep Dive |
| CVE-2026-42274 | Heimdall: Authorization bypass via path normalization mismatch | dadrus | heimdall | - | - | 2026-05-08 03:43:42 | Deep Dive |
| CVE-2026-42273 | Heimdall: Case-sensitive host matching may lead to policy bypass | dadrus | heimdall | - | - | 2026-05-08 03:42:50 | Deep Dive |
| CVE-2026-42272 | Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation | dadrus | heimdall | - | - | 2026-05-08 03:40:18 | Deep Dive |
| CVE-2026-42208 | LiteLLM: SQL injection in Proxy API key verification | BerriAI | litellm | - | - | 2026-05-08 03:38:14 | Deep Dive |
| CVE-2026-42203 | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | BerriAI | litellm | - | - | 2026-05-08 03:36:59 | Deep Dive |
| CVE-2026-42271 | LiteLLM: Authenticated command execution via MCP stdio test endpoints | BerriAI | litellm | - | - | 2026-05-08 03:35:17 | Deep Dive |
| CVE-2026-44298 | Kimai: Arbitrary file read in invoice PDF renderer (admin) | kimai | kimai | Medium | 4.1 | 2026-05-08 03:32:07 | Deep Dive |
| CVE-2026-41498 | Kimai: Team API Missing Object-Level Authorization | kimai | kimai | Low | 3.3 | 2026-05-08 03:30:32 | Deep Dive |
| CVE-2026-8133 | zyx0814 FilePress Shares Filelist API admin.php sql injection | zyx0814 | FilePress | High | 7.3 | 2026-05-08 03:30:14 | Deep Dive |