| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44283 | etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks | etcd-io | etcd | None | 0.0 | 2026-05-14 17:01:34 | Deep Dive |
| CVE-2026-41615 | Microsoft Authenticator Information Disclosure Vulnerability | Microsoft | Microsoft Authenticator for Android | Critical | 9.6 | 2026-05-14 17:00:38 | Deep Dive |
| CVE-2026-42897KEV | Microsoft Exchange Server Spoofing Vulnerability EPSS 0.10 | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 | High | 8.1 | 2026-05-14 17:00:37 | Deep Dive |
| CVE-2026-42572 | Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds` | hatchet-dev | hatchet | Medium | 5.3 | 2026-05-14 16:58:43 | Deep Dive |
| CVE-2026-44520 | Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler | docling-project | docling-graph | Medium | 5.7 | 2026-05-14 16:56:58 | Deep Dive |
| CVE-2026-6332 | Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC | Schneider Electric | Ecostruxure™ Machine Expert HVAC | - | - | 2026-05-14 16:54:50 | Deep Dive |
| CVE-2026-41888 | Distribution: Tag deletion bypasses `storage.delete.enabled` configuration | distribution | distribution | - | - | 2026-05-14 16:53:38 | Deep Dive |
| CVE-2026-45448 | ntopng - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ntop | ntopng | Medium | 4.3 | 2026-05-14 16:48:19 | Deep Dive |
| CVE-2026-44516 | Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer | valtimo-platform | valtimo | High | 7.6 | 2026-05-14 16:48:06 | Deep Dive |
| CVE-2026-42555 | Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users | valtimo-platform | valtimo | Critical | 9.1 | 2026-05-14 16:45:49 | Deep Dive |
| CVE-2026-44348 | PoDoFo: Double-free vulnerability in compute_hash_to_sign() | podofo | podofo | Low | 2.5 | 2026-05-14 16:38:46 | Deep Dive |
| CVE-2026-44515 | Nextcloud News: Authenticated blind SSRF via feed URL | nextcloud | news | - | - | 2026-05-14 16:36:12 | Deep Dive |
| CVE-2026-44827 | Diffusers: None.py Trust Remote Code Bypass | huggingface | diffusers | High | 8.8 | 2026-05-14 16:33:42 | Deep Dive |
| CVE-2026-44513 | Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components | huggingface | diffusers | High | 8.8 | 2026-05-14 16:26:04 | Deep Dive |
| CVE-2026-44514 | Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users | kubetail-org | kubetail | Medium | 6.5 | 2026-05-14 16:20:12 | Deep Dive |
| CVE-2025-62305 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions | HCL | AION | Medium | 5.1 | 2026-05-14 16:17:33 | Deep Dive |
| CVE-2026-44511 | Katalyst Koi: Session cookies can be replayed after user logout | katalyst | koi | High | 7.4 | 2026-05-14 16:17:29 | Deep Dive |
| CVE-2026-44312 | css_parser allows to MITM included https css urls | premailer | css_parser | Medium | 5.8 | 2026-05-14 16:15:05 | Deep Dive |
| CVE-2026-6923 | Nuvoton - CWE-1300: Improper Protection of Physical Side Channels | Nuvoton | NPCT7xx | Low | 3.8 | 2026-05-14 16:14:34 | Deep Dive |
| CVE-2025-62317 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. | HCL | AION | Low | 2.6 | 2026-05-14 16:13:35 | Deep Dive |