| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39820 | Quadratic string concatenation in consumeComment in net/mail | Go standard library | net/mail | - | - | 2026-05-07 19:41:20 | Deep Dive |
| CVE-2026-42499 | Quadratic string concatenation in consumePhrase in net/mail | Go standard library | net/mail | - | - | 2026-05-07 19:41:19 | Deep Dive |
| CVE-2026-39817 | Invoking "go tool pack" does not sanitize output paths in cmd/go | Go toolchain | cmd/go | - | - | 2026-05-07 19:41:19 | Deep Dive |
| CVE-2026-39819 | Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go | Go toolchain | cmd/go | - | - | 2026-05-07 19:41:19 | Deep Dive |
| CVE-2026-39826 | Escaper bypass leads to XSS in html/template | Go standard library | html/template | - | - | 2026-05-07 19:41:19 | Deep Dive |
| CVE-2026-33811 | Crash when handling long CNAME response in net | Go standard library | net | - | - | 2026-05-07 19:41:19 | Deep Dive |
| CVE-2026-39836 | Panic in Dial and LookupPort when handling NUL byte on Windows in net | Go standard library | net | - | - | 2026-05-07 19:41:18 | Deep Dive |
| CVE-2026-39825 | ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil | Go standard library | net/http/httputil | - | - | 2026-05-07 19:41:18 | Deep Dive |
| CVE-2026-33814 | Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net | golang.org/x/net | golang.org/x/net/http2 | - | - | 2026-05-07 19:41:18 | Deep Dive |
| CVE-2026-8088 | OSGeo gdal GDapi.c GDfieldinfo out-of-bounds | OSGeo | gdal | Low | 3.3 | 2026-05-07 19:30:12 | Deep Dive |
| CVE-2026-8087 | OSGeo gdal GDapi.c GDnentries heap-based overflow | OSGeo | gdal | Medium | 5.3 | 2026-05-07 19:00:15 | Deep Dive |
| CVE-2026-42259 | Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass) | saltcorn | saltcorn | - | - | 2026-05-07 18:54:57 | Deep Dive |
| CVE-2026-42241 | ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width | G-Research | ParquetSharp | Medium | 5.3 | 2026-05-07 18:52:07 | Deep Dive |
| CVE-2026-43510 | CISA manage.get.gov insecure portfolio administrative privileges | CISA | manage.get.gov | High | 7.6 | 2026-05-07 18:50:57 | Deep Dive |
| CVE-2026-42239 | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover | Budibase | budibase | High | 8.1 | 2026-05-07 18:49:59 | Deep Dive |
| CVE-2026-42225 | GnuTLS backend silently skips certificate chain verification when verify_peer is false | pjsip | pjproject | - | - | 2026-05-07 18:47:27 | Deep Dive |
| CVE-2026-8086 | OSGeo gdal SWapi.c SWnentries heap-based overflow | OSGeo | gdal | Medium | 5.3 | 2026-05-07 18:45:13 | Deep Dive |
| CVE-2026-41653 | BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration | alam00000 | bentopdf | - | - | 2026-05-07 18:43:18 | Deep Dive |
| CVE-2026-8084 | OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds | OSGeo | gdal | Low | 3.3 | 2026-05-07 18:30:13 | Deep Dive |
| CVE-2026-44243 | GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository | gitpython-developers | GitPython | - | - | 2026-05-07 18:22:54 | Deep Dive |