| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45218 | WordPress WP Travel plugin <= 11.4.0 - SQL Injection vulnerability | WP Travel | WP Travel | High | 7.7 | 2026-05-12 11:02:10 | Deep Dive |
| CVE-2026-45211 | WordPress APIExperts Square for WooCommerce plugin <= 4.7.1 - SQL Injection vulnerability | Saad Iqbal | APIExperts Square for WooCommerce | High | 8.5 | 2026-05-12 11:02:10 | Deep Dive |
| CVE-2026-45215 | WordPress WP EasyPay plugin <= 4.3.0 - Sensitive Data Exposure vulnerability | Saad Iqbal | WP EasyPay | Medium | 5.3 | 2026-05-12 11:02:10 | Deep Dive |
| CVE-2026-45214 | WordPress Xpro Elementor Addons plugin <= 1.5.1 - SQL Injection vulnerability | Xpro | Xpro Elementor Addons | High | 8.5 | 2026-05-12 11:02:10 | Deep Dive |
| CVE-2026-32684 | Hikvision Hik-Connect APP security vulnerability | Hikvision | Hik-Connect APP | Low | 2.9 | 2026-05-12 10:51:09 | Deep Dive |
| CVE-2026-2465 | Improper Authorization in E-Kalite's Turboard FOR-S | E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. | Turboard FOR-S | High | 8.8 | 2026-05-12 10:27:45 | Deep Dive |
| CVE-2026-41713 | Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor | VMware | Spring AI | High | 8.2 | 2026-05-12 10:17:39 | Deep Dive |
| CVE-2026-41712 | ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage | VMware | Spring AI | High | 7.5 | 2026-05-12 10:17:36 | Deep Dive |
| CVE-2026-8072 | Insecure generation of SAT access credentials in Ingecon EMS Board | Ingeteam | Ingecon Sun EMS Board | - | - | 2026-05-12 09:57:03 | Deep Dive |
| CVE-2026-6001 | IDOR in Abis Technology's BAPSİS | ABIS Technology Ltd. Co. | BAPSİS | High | 8.8 | 2026-05-12 09:53:12 | Deep Dive |
| CVE-2025-6577 | SQLi in Akilli Commerce's E-Commerce Website | Akilli Commerce Software Technologies Ltd. Co. | E-Commerce Website | Critical | 9.8 | 2026-05-12 09:31:55 | Deep Dive |
| CVE-2026-6813 | Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter | continually | Continually | Medium | 4.4 | 2026-05-12 09:29:04 | Deep Dive |
| CVE-2026-6800 | FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | fastbots | FastBots | Medium | 4.4 | 2026-05-12 09:29:02 | Deep Dive |
| CVE-2026-7428 | Insecure default administrative credentials in AlloyDB for PostgreSQL | Google Cloud | AlloyDB for PostgreSQL | - | - | 2026-05-12 09:16:35 | Deep Dive |
| CVE-2026-8162 | multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing | multiparty | multiparty | High | 7.5 | 2026-05-12 09:05:13 | Deep Dive |
| CVE-2026-5029 | RCE in Code Runner MCP Server | Code Runner MCP Server | Code Runner MCP Server | - | - | 2026-05-12 09:01:50 | Deep Dive |
| CVE-2026-8161 | multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception | multiparty | multiparty | High | 7.5 | 2026-05-12 08:50:38 | Deep Dive |
| CVE-2026-8159 | multiparty vulnerable to ReDoS via filename parsing | multiparty | multiparty | High | 7.5 | 2026-05-12 08:35:40 | Deep Dive |
| CVE-2026-1934 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter | stylemix | Motors – Car Dealership & Classified Listings Plugin | Medium | 4.3 | 2026-05-12 08:27:45 | Deep Dive |
| CVE-2026-44412 | Siemens Solid Edge security vulnerability | Siemens | Solid Edge SE2026 | High | 7.8 | 2026-05-12 08:21:20 | Deep Dive |