| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-4397 | Medtronic MyCareLink Patient Monitor Data Encryption Weakness | Medtronic | MyCareLink Patient Monitor 24950 | Medium | 6.8 | 2026-05-07 15:03:36 | Deep Dive |
| CVE-2025-4386 | Medtronic MyCareLink Patient Monitor Hardware Debug Port | Medtronic | MyCareLink Patient Monitor 24950 | Medium | 6.8 | 2026-05-07 15:00:21 | Deep Dive |
| CVE-2026-32686 | Unbounded exponent in decimal enables unauthenticated DoS | ericmj | decimal | - | - | 2026-05-07 14:04:47 | Deep Dive |
| CVE-2026-44349 | Daptin fuzzy search injects unvalidated column name into raw SQL | daptin | daptin | Medium | - | 2026-05-07 13:57:10 | Deep Dive |
| CVE-2026-41422 | Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API | daptin | daptin | High | 8.3 | 2026-05-07 13:56:19 | Deep Dive |
| CVE-2026-41689 | Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services | ellite | Wallos | Medium | 6.0 | 2026-05-07 13:53:13 | Deep Dive |
| CVE-2026-41688 | Incomplete fix for CVE-2026-33399: SSRF in Wallos | ellite | Wallos | High | 7.7 | 2026-05-07 13:52:01 | Deep Dive |
| CVE-2026-42011 | Gnutls: gnutls: security bypass due to incorrect name constraint handling | Red Hat | Red Hat Enterprise Linux 10 | High | 7.4 | 2026-05-07 13:51:05 | Deep Dive |
| CVE-2026-41687 | Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks | ellite | Wallos | Medium | 4.3 | 2026-05-07 13:48:44 | Deep Dive |
| CVE-2026-44264 | Weblate is vulnerable to XSS via crafted Markdown | WeblateOrg | weblate | Medium | 4.3 | 2026-05-07 13:43:31 | Deep Dive |
| CVE-2026-44263 | Weblate: Private Translation Enumeration via Screenshot API | WeblateOrg | weblate | Medium | 4.3 | 2026-05-07 13:42:47 | Deep Dive |
| CVE-2026-41519 | Weblate's API Token Not Invalidated on Password Change | WeblateOrg | weblate | Medium | 4.2 | 2026-05-07 13:41:43 | Deep Dive |
| CVE-2026-41654 | Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | WeblateOrg | weblate | Medium | - | 2026-05-07 13:40:13 | Deep Dive |
| CVE-2026-41650 | fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters | NaturalIntelligence | fast-xml-parser | Medium | 6.1 | 2026-05-07 13:36:56 | Deep Dive |
| CVE-2026-41505 | RELATE: Predictable Token Generation in auth.py and exam.py | inducer | relate | High | 8.7 | 2026-05-07 13:35:02 | Deep Dive |
| CVE-2026-41554 | WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability | Bricks | Bricks Builder | High | 7.1 | 2026-05-07 13:28:59 | Deep Dive |
| CVE-2026-41589 | Wish has SCP Path Traversal that allows arbitrary file read/write | charmbracelet | wish | Critical | 9.6 | 2026-05-07 13:17:59 | Deep Dive |
| CVE-2026-41490 | Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations | dagster-io | dagster | High | 8.3 | 2026-05-07 13:15:16 | Deep Dive |
| CVE-2025-14341 | Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive | DivvyDrive Information Technologies Inc. | DivvyDrive | High | 8.3 | 2026-05-07 13:13:47 | Deep Dive |
| CVE-2026-41685 | Incus: Unbounded binary import disk exhaustion | lxc | incus | Medium | 4.3 | 2026-05-07 13:09:35 | Deep Dive |