| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-9661 | OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28 | Hitachi | Hitachi Virtual Storage Platform One Block 23 | High | 8.1 | 2026-05-07 07:08:15 | Deep Dive |
| CVE-2026-44406 | DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview | ZTE | ZXCLOUD iRAI | Medium | 5.7 | 2026-05-07 06:49:54 | Deep Dive |
| CVE-2026-41586 | ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE | hyperledger | fabric | - | - | 2026-05-07 05:12:36 | Deep Dive |
| CVE-2026-41143 | YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() | YesWiki | yeswiki | High | 8.8 | 2026-05-07 05:08:23 | Deep Dive |
| CVE-2026-41139 | Unsafe array index getter in mathjs | josdejong | mathjs | High | - | 2026-05-07 05:06:29 | Deep Dive |
| CVE-2026-7252 | WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta | davidanderson | WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | High | 8.1 | 2026-05-07 04:27:11 | Deep Dive |
| CVE-2026-6692 | Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url | Revolution Slider | Slider Revolution | High | 8.8 | 2026-05-07 04:27:10 | Deep Dive |
| CVE-2026-4348 | BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter | betterdocs | BetterDocs Pro | High | 7.5 | 2026-05-07 04:27:10 | Deep Dive |
| CVE-2026-41413 | Istio Vulnerable to SSRF via RequestAuthentication jwksUri | istio | istio | Medium | 5.0 | 2026-05-07 04:18:32 | Deep Dive |
| CVE-2026-41641 | NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call | nocobase | nocobase | High | 7.2 | 2026-05-07 04:13:34 | Deep Dive |
| CVE-2026-8063 | Post-auth null pointer dereference when aggregating against a view with empty search pipeline | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2026-05-07 04:12:55 | Deep Dive |
| CVE-2026-41640 | NocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager Loading | nocobase | nocobase | High | 7.5 | 2026-05-07 04:09:59 | Deep Dive |
| CVE-2026-42217 | OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`) | AcademySoftwareFoundation | openexr | - | - | 2026-05-07 04:04:55 | Deep Dive |
| CVE-2026-42216 | OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion | AcademySoftwareFoundation | openexr | - | - | 2026-05-07 04:02:00 | Deep Dive |
| CVE-2026-41142 | OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API | AcademySoftwareFoundation | openexr | High | 8.8 | 2026-05-07 03:58:09 | Deep Dive |
| CVE-2026-40981 | VMware Spring Cloud Config Security Vulnerability | Spring | Spring Cloud Config | High | 7.5 | 2026-05-07 03:55:44 | Deep Dive |
| CVE-2026-41002 | VMware Spring Cloud Config Security Vulnerability | Spring | Spring Cloud Config | High | 7.2 | 2026-05-07 03:53:18 | Deep Dive |
| CVE-2026-41004 | VMware Spring Cloud Config Log Information Disclosure Vulnerability | Spring | Spring Cloud Config | Medium | 4.4 | 2026-05-07 03:51:32 | Deep Dive |
| CVE-2026-41675 | xmldom: XML node injection through unvalidated processing instruction serialization | xmldom | xmldom | - | - | 2026-05-07 03:49:34 | Deep Dive |
| CVE-2026-40982 | VMware Spring Cloud Config Path Traversal Vulnerability | Spring | Spring Cloud Config | Critical | 9.1 | 2026-05-07 03:49:30 | Deep Dive |