| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-36388 | PHPGurukul Hospital Management System cross-site scripting vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-65122 | youtube-regex resource management error vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-36341 | Webkul Krayin CRM cross-site scripting vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-63704 | Query String Parser security vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2025-63703 | parse-ini security vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-37709 | Snipe-IT access control error vulnerability | - | - | - | - | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-40214 | OpenStack Cyborg security vulnerability | OpenStack | Cyborg | Medium | 6.3 | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-40213 | OpenStack Cyborg security vulnerability | OpenStack | Cyborg | High | 7.4 | 2026-05-07 00:00:00 | Deep Dive |
| CVE-2026-3291 | Samsung Print Service Plugin – Potential Information Disclosure | HP, Inc | Samsung Print Service Plugin | - | - | 2026-05-06 21:53:04 | Deep Dive |
| CVE-2026-41484 | OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body | open-telemetry | opentelemetry-dotnet-contrib | Medium | 5.3 | 2026-05-06 21:00:07 | Deep Dive |
| CVE-2026-41483 | Unbounded HTTP response body read in OpenTelemetry.Resources.Azure | open-telemetry | opentelemetry-dotnet-contrib | Medium | 5.9 | 2026-05-06 20:58:33 | Deep Dive |
| CVE-2026-41310 | OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth | open-telemetry | opentelemetry-dotnet | Medium | 5.3 | 2026-05-06 20:54:37 | Deep Dive |
| CVE-2026-41417 | Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri() | netty | netty | Medium | 5.3 | 2026-05-06 20:52:47 | Deep Dive |
| CVE-2026-40296 | PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes | PHPOffice | PhpSpreadsheet | Medium | 5.4 | 2026-05-06 20:48:35 | Deep Dive |
| CVE-2026-40281 | Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values | gotenberg | gotenberg | Critical | 10.0 | 2026-05-06 20:46:48 | Deep Dive |
| CVE-2026-40251 | Incus out-of-bounds panic in snapshot metadata handling allows denial of service | lxc | incus | - | - | 2026-05-06 20:40:11 | Deep Dive |
| CVE-2026-40243 | Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation | lxc | incus | - | - | 2026-05-06 20:38:23 | Deep Dive |
| CVE-2026-40197 | Incus nil-pointer dereference in custom volume import allows denial of service | lxc | incus | - | - | 2026-05-06 20:36:24 | Deep Dive |
| CVE-2026-40195 | Incus nil-pointer dereference in storage bucket import allows denial of service | lxc | incus | - | - | 2026-05-06 20:33:34 | Deep Dive |
| CVE-2026-40332 | Masa CMS open redirect via improper handling of scheme-relative URLs | MasaCMS | MasaCMS | - | - | 2026-05-06 20:13:18 | Deep Dive |