| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44244 | GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath | gitpython-developers | GitPython | High | 7.8 | 2026-05-07 18:22:40 | Deep Dive |
| CVE-2026-42284 | GitPython: Unsafe option check validates multi_options before shlex.split transforms it | gitpython-developers | GitPython | High | 8.1 | 2026-05-07 18:19:20 | Deep Dive |
| CVE-2026-42215 | GitPython: Command injection via Git options bypass | gitpython-developers | GitPython | High | 8.8 | 2026-05-07 18:17:03 | Deep Dive |
| CVE-2026-8083 | SourceCodester Pharmacy Sales and Inventory System ajax.php save_user sql injection | SourceCodester | Pharmacy Sales and Inventory System | High | 7.3 | 2026-05-07 18:15:10 | Deep Dive |
| CVE-2026-42214 | Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext | dail8859 | NotepadNext | High | 7.8 | 2026-05-07 18:14:20 | Deep Dive |
| CVE-2026-41906 | FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass | freescout-help-desk | freescout | High | 7.1 | 2026-05-07 18:09:23 | Deep Dive |
| CVE-2026-44742 | Postorius cross-site scripting vulnerability | Postorius project | Postorius | High | 7.2 | 2026-05-07 18:09:20 | Deep Dive |
| CVE-2026-41905 | FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access | freescout-help-desk | freescout | High | 7.7 | 2026-05-07 18:08:09 | Deep Dive |
| CVE-2026-41904 | FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content | freescout-help-desk | freescout | High | 7.6 | 2026-05-07 18:05:44 | Deep Dive |
| CVE-2026-41902 | FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks | freescout-help-desk | freescout | Critical | 9.1 | 2026-05-07 18:03:51 | Deep Dive |
| CVE-2026-41903 | FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472) | freescout-help-desk | freescout | Medium | 5.4 | 2026-05-07 18:02:01 | Deep Dive |
| CVE-2026-8081 | router-for-me CLIProxyAPI api_tools.go server-side request forgery | router-for-me | CLIProxyAPI | Medium | 6.3 | 2026-05-07 18:00:14 | Deep Dive |
| CVE-2026-7415 | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | Yarbo | Firmware | Critical | 9.8 | 2026-05-07 16:11:17 | Deep Dive |
| CVE-2026-7414 | Hardcoded credentials in Yarbo robot firmware | Yarbo | Firmware | Critical | 9.8 | 2026-05-07 16:10:02 | Deep Dive |
| CVE-2026-7413 | Persistent undocumented backdoor access in Yarbo robot | Yarbo | Firmware | High | 7.2 | 2026-05-07 16:09:26 | Deep Dive |
| CVE-2026-5787 | Ivanti EPMM trust management issue vulnerability | Ivanti | Endpoint Manager Mobile | High | 8.9 | 2026-05-07 15:36:41 | Deep Dive |
| CVE-2026-5788 | Ivanti EPMM access control error vulnerability | Ivanti | Endpoint Manager Mobile | High | 7.0 | 2026-05-07 15:29:50 | Deep Dive |
| CVE-2026-7821 | Ivanti EPMM trust management issue vulnerability | Ivanti | Endpoint Manager Mobile | High | 7.4 | 2026-05-07 15:26:44 | Deep Dive |
| CVE-2026-6973 | Ivanti EPMM input validation error vulnerability | Ivanti | Endpoint Manager Mobile | High | 7.2 | 2026-05-07 15:21:25 | Deep Dive |
| CVE-2026-5786 | Ivanti EPMM access control error vulnerability | Ivanti | Endpoint Manager Mobile | High | 8.8 | 2026-05-07 15:18:54 | Deep Dive |