| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41661 | Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion | Admidio | admidio | Medium | 6.1 | 2026-05-07 02:59:35 | Deep Dive |
| CVE-2026-41660 | Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP | Admidio | admidio | High | 7.1 | 2026-05-07 02:59:30 | Deep Dive |
| CVE-2026-41659 | Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment | Admidio | admidio | Low | 2.7 | 2026-05-07 02:59:20 | Deep Dive |
| CVE-2026-41658 | Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items | Admidio | admidio | Medium | 6.5 | 2026-05-07 02:58:28 | Deep Dive |
| CVE-2026-41657 | Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php | Admidio | admidio | Medium | 4.9 | 2026-05-07 02:58:09 | Deep Dive |
| CVE-2026-41656 | Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read | Admidio | admidio | Medium | 4.5 | 2026-05-07 02:58:03 | Deep Dive |
| CVE-2026-41655 | Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials | Admidio | admidio | Medium | 6.5 | 2026-05-07 02:55:38 | Deep Dive |
| CVE-2026-4807 | Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-05-07 02:27:12 | Deep Dive |
| CVE-2026-44600 | Tor 安全漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 02:20:51 | Deep Dive |
| CVE-2026-44599 | Tor 安全漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 02:11:56 | Deep Dive |
| CVE-2026-6222 | Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2026-05-07 01:25:27 | Deep Dive |
| CVE-2026-40003 | USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM | ZTE | ZX297520V3 BootROM | Medium | 5.1 | 2026-05-07 01:15:25 | Deep Dive |
| CVE-2026-44597 | Tor 安全漏洞 | torproject | Tor | Low | 3.7 | 2026-05-07 00:56:47 | Deep Dive |
| CVE-2026-36458 | ChestnutCMS 安全漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-30496 | Optoma CinemaX P2 安全漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-30495 | Optoma CinemaX P2 安全漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-67202 | sidekiq-cron 安全漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-63706 | next-npm-version 1.0.1 安全漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-63705 | Node Typescript OCR 安全漏洞 | - | - | 中危 | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-36387 | CodeAstro Membership Management System 代码问题漏洞 | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |