| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41674 | xmldom: XML injection through unvalidated DocumentType serialization | xmldom | xmldom | - | - | 2026-05-07 03:47:51 | Deep Dive |
| CVE-2026-40004 | openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview | ZTE | ZXCLOUD iRAI | Medium | 5.5 | 2026-05-07 03:47:06 | Deep Dive |
| CVE-2026-41673 | xmldom: Denial of service via uncontrolled recursion in XML serialization | xmldom | xmldom | - | - | 2026-05-07 03:40:28 | Deep Dive |
| CVE-2026-41672 | xmldom: XML node injection through unvalidated comment serialization | xmldom | xmldom | - | - | 2026-05-07 03:36:17 | Deep Dive |
| CVE-2026-6214 | Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.5 | 2026-05-07 03:27:06 | Deep Dive |
| CVE-2026-41891 | CI4MS: Deactivated User Session Bypass (active=0) | ci4-cms-erp | ci4ms | - | - | 2026-05-07 03:24:44 | Deep Dive |
| CVE-2026-41890 | CI4MS: Arbitrary Database Table Drop via Theme deleteProcess | ci4-cms-erp | ci4ms | - | - | 2026-05-07 03:23:31 | Deep Dive |
| CVE-2026-44603 | Tor 安全漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 03:21:25 | Deep Dive |
| CVE-2026-41203 | ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE | ci4-cms-erp | ci4ms | - | - | 2026-05-07 03:19:46 | Deep Dive |
| CVE-2026-41202 | ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE | ci4-cms-erp | ci4ms | - | - | 2026-05-07 03:18:01 | Deep Dive |
| CVE-2026-44602 | Tor 代码问题漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 03:17:32 | Deep Dive |
| CVE-2026-41201 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-05-07 03:16:41 | Deep Dive |
| CVE-2026-41587 | CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution | ci4-cms-erp | ci4ms | - | - | 2026-05-07 03:14:39 | Deep Dive |
| CVE-2026-44601 | Tor 安全漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 03:09:51 | Deep Dive |
| CVE-2026-42194 | Incomplete fix for CVE-2026-32812: SSRF in admidio | Admidio | admidio | Medium | 6.8 | 2026-05-07 03:01:05 | Deep Dive |
| CVE-2026-41671 | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | Admidio | admidio | Medium | 6.8 | 2026-05-07 03:00:56 | Deep Dive |
| CVE-2026-41670 | Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest | Admidio | admidio | High | 8.2 | 2026-05-07 03:00:40 | Deep Dive |
| CVE-2026-41669 | Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed | Admidio | admidio | High | 8.2 | 2026-05-07 03:00:30 | Deep Dive |
| CVE-2026-41663 | Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send | Admidio | admidio | Low | 3.5 | 2026-05-07 03:00:12 | Deep Dive |
| CVE-2026-41662 | Admidio: Missing Minimum Administrator Check in Role Membership Removal | Admidio | admidio | Medium | 5.2 | 2026-05-07 02:59:51 | Deep Dive |