| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-30805 | Insecure Default Initialization in API Authentication leads to Authentication Bypass | Pandora FMS | Pandora FMS | - | - | 2026-05-12 15:09:57 | Deep Dive |
| CVE-2026-8111 | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | ivanti | Endpoint Manager | High | 8.8 | 2026-05-12 14:33:46 | Deep Dive |
| CVE-2026-8110 | Ivanti Endpoint Manager Security Vulnerability | ivanti | Endpoint Manager | High | 7.8 | 2026-05-12 14:31:26 | Deep Dive |
| CVE-2026-8109 | Ivanti Endpoint Manager Security Vulnerability | ivanti | Endpoint Manager | Medium | 6.5 | 2026-05-12 14:29:11 | Deep Dive |
| CVE-2026-8051 | Ivanti Virtual Traffic Manager OS Command Injection Vulnerability | ivanti | Virtual Traffic Manager | High | 7.2 | 2026-05-12 14:24:42 | Deep Dive |
| CVE-2026-8401 | Sandbox escape in the Profile Backup component | Mozilla | Firefox | - | - | 2026-05-12 14:24:33 | Deep Dive |
| CVE-2026-7432 | Ivanti Secure Access Client Race Condition Vulnerability | ivanti | Secure Access Client | High | 7.8 | 2026-05-12 14:21:58 | Deep Dive |
| CVE-2026-43983 | Pocket ID: OIDC refresh token flow bypasses authorization revocation, account disabling, and group restrictions | pocket-id | pocket-id | Medium | - | 2026-05-12 14:19:01 | Deep Dive |
| CVE-2026-7431 | Ivanti Secure Access Client Security Vulnerability | ivanti | Secure Access Client | Medium | 4.4 | 2026-05-12 14:18:57 | Deep Dive |
| CVE-2026-32687 | SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3 | elixir-ecto | postgrex | - | - | 2026-05-12 14:18:08 | Deep Dive |
| CVE-2026-8043 | Ivanti Xtraction Security Vulnerability | ivanti | Xtraction | Critical | 9.6 | 2026-05-12 14:11:30 | Deep Dive |
| CVE-2026-42260 | Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname` | Aas-ee | open-webSearch | High | 8.2 | 2026-05-12 14:09:06 | Deep Dive |
| CVE-2026-8368 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects | OALDERS | LWP::UserAgent | - | - | 2026-05-12 14:01:25 | Deep Dive |
| CVE-2026-43937 | YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql` | YAFNET | YAFNET | High | 8.8 | 2026-05-12 14:00:36 | Deep Dive |
| CVE-2026-6866 | Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server | Schneider Electric | EcoStruxure™ Panel Server | - | - | 2026-05-12 13:59:34 | Deep Dive |
| CVE-2026-5061 | Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack | HashiCorp | Tooling | Medium | 4.7 | 2026-05-12 13:58:20 | Deep Dive |
| CVE-2026-43938 | YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header | YAFNET | YAFNET | High | 8.1 | 2026-05-12 13:57:57 | Deep Dive |
| CVE-2026-43939 | YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers | YAFNET | YAFNET | High | 7.3 | 2026-05-12 13:56:40 | Deep Dive |
| CVE-2026-43930 | Parse Server: MFA SMS one-time password accepted twice under concurrent login | parse-community | parse-server | - | - | 2026-05-12 13:34:51 | Deep Dive |
| CVE-2026-43916 | pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker | identd-ng | pam_authnft | - | - | 2026-05-12 13:31:44 | Deep Dive |