| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-8073 | Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP | themeum | Kirki – Freeform Page Builder, Website Builder & Customizer | High | 7.5 | 2026-05-19 18:33:53 | Deep Dive |
| CVE-2026-8096 | Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action | themeum | Kirki – Freeform Page Builder, Website Builder & Customizer | Medium | 6.5 | 2026-05-19 18:33:52 | Deep Dive |
| CVE-2026-33741 | EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript | espocrm | espocrm | Medium | 6.8 | 2026-05-19 18:14:36 | Deep Dive |
| CVE-2026-33642 | Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check | kovidgoyal | kitty | Critical | 9.9 | 2026-05-19 18:04:42 | Deep Dive |
| CVE-2026-33637 | Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2) | lostisland | faraday | None | 0.0 | 2026-05-19 17:44:43 | Deep Dive |
| CVE-2026-33633🧪 | Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler | kovidgoyal | kitty | High | 7.5 | 2026-05-19 17:36:08 | Deep Dive |
| CVE-2026-6009 | Jaspersoft Library Deserialisation Vulnerability | Jaspersoft | JasperReports Library Community Edition | - | - | 2026-05-19 17:23:41 | Deep Dive |
| CVE-2026-32134 | NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore | nanomq | nanomq | Medium | 5.9 | 2026-05-19 17:22:13 | Deep Dive |
| CVE-2026-8605 | Use of Hard-coded Credentials in ScadaBR | ScadaBR | ScadaBR | - | - | 2026-05-19 17:08:07 | Deep Dive |
| CVE-2026-8604 | Cross-Site request forgery (CSRF) in ScadaBR | ScadaBR | ScadaBR | - | - | 2026-05-19 17:05:48 | Deep Dive |
| CVE-2026-8603 | Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR | ScadaBR | ScadaBR | - | - | 2026-05-19 17:03:38 | Deep Dive |
| CVE-2026-8602 | Missing authentication for critical function in ScadaBR | ScadaBR | ScadaBR | - | - | 2026-05-19 17:00:39 | Deep Dive |
| CVE-2026-47107 | Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration | windmill-labs | windmill | High | 8.1 | 2026-05-19 16:42:55 | Deep Dive |
| CVE-2026-5511 | Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72 | TP-Link Systems Inc. | Archer AX72 (SG) v1.0 | - | - | 2026-05-19 15:58:46 | Deep Dive |
| CVE-2026-47358🧪 | terrascan security vulnerability | tenable | Terrascan | High | 7.5 | 2026-05-19 15:53:09 | Deep Dive |
| CVE-2026-47356🧪 | terrascan code issue vulnerability | tenable | Terrascan | High | 7.5 | 2026-05-19 15:53:05 | Deep Dive |
| CVE-2026-47357🧪 | terrascan security vulnerability | tenable | Terrascan | High | 7.5 | 2026-05-19 15:53:05 | Deep Dive |
| CVE-2026-5804 | Motorola Factory Test security vulnerability | Motorola | Phones | High | 8.4 | 2026-05-19 14:42:22 | Deep Dive |
| CVE-2026-8706 | Sensitive user data could be leaked to other applications through Reader mode | Mozilla | Firefox for iOS | - | - | 2026-05-19 14:27:38 | Deep Dive |
| CVE-2026-2586 | Eclipse Glassfish code injection vulnerability | Eclipse Foundation | Eclipse Glassfish | Critical | 9.1 | 2026-05-19 14:12:06 | Deep Dive |