| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40300 | Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history | zulip | zulip | - | - | 2026-05-12 16:33:03 | Deep Dive |
| CVE-2026-25431 | WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability | WPMU DEV | Hustle | Medium | 5.3 | 2026-05-12 16:32:39 | Deep Dive |
| CVE-2026-43993 | JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access | Dragonmonk111 | junoclaw | High | 8.2 | 2026-05-12 16:29:41 | Deep Dive |
| CVE-2026-43992 | JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter | Dragonmonk111 | junoclaw | Critical | 9.8 | 2026-05-12 16:25:31 | Deep Dive |
| CVE-2026-43990 | JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper | Dragonmonk111 | junoclaw | High | 8.4 | 2026-05-12 16:22:22 | Deep Dive |
| CVE-2026-43989 | JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation | Dragonmonk111 | junoclaw | High | 8.5 | 2026-05-12 16:21:29 | Deep Dive |
| CVE-2026-43991 | JunoClaw: plugin-shell shell-injection bypass via substring blocklist | Dragonmonk111 | junoclaw | High | 8.4 | 2026-05-12 16:19:54 | Deep Dive |
| CVE-2026-8407 | Devolutions Server security vulnerability | Devolutions | Server | Medium | - | 2026-05-12 16:16:51 | Deep Dive |
| CVE-2026-5089 | YAML::Syck versions before 1.38 for Perl has an out-of-bounds read | TODDR | YAML::Syck | - | - | 2026-05-12 16:14:22 | Deep Dive |
| CVE-2026-43515 | Apache Tomcat: Security constraints not correctly applied | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:33:23 | Deep Dive |
| CVE-2026-43514 | Apache Tomcat: AJP secret compared in non-constant time | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:32:10 | Deep Dive |
| CVE-2026-43513 | Apache Tomcat: LockOutRealm treats user names as case-sensitive | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:26:26 | Deep Dive |
| CVE-2026-43512 | Apache Tomcat: Digest authenticator will authenticate any unknown user | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:24:02 | Deep Dive |
| CVE-2026-41293 | Apache Tomcat: HTTP/2 request headers not validated | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:19:35 | Deep Dive |
| CVE-2026-42498 | Apache Tomcat: WebSocket authentication header exposure | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:17:57 | Deep Dive |
| CVE-2026-41284 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:14:45 | Deep Dive |
| CVE-2026-34187 | SQL Injection in Graph Container Parameter | Pandora FMS | Pandora FMS | - | - | 2026-05-12 15:13:28 | Deep Dive |
| CVE-2026-30810 | Server-Side Request Forgery in API Checker leads to Privilege Escalation | Pandora FMS | Pandora FMS | - | - | 2026-05-12 15:12:47 | Deep Dive |
| CVE-2026-30808 | Session Fixation in Authentication leads to Session Hijacking | Pandora FMS | Pandora FMS | - | - | 2026-05-12 15:11:46 | Deep Dive |
| CVE-2026-30807 | Cross-Site Request Forgery on Extension Pages | Pandora FMS | Pandora FMS | - | - | 2026-05-12 15:11:02 | Deep Dive |