| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44774 | Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false | traefik | traefik | - | - | 2026-05-15 16:30:43 | Deep Dive |
| CVE-2026-41181 | Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service | traefik | traefik | - | - | 2026-05-15 16:27:15 | Deep Dive |
| CVE-2026-44309 | gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits | sigstore | gitsign | Medium | 5.3 | 2026-05-15 16:22:51 | Deep Dive |
| CVE-2026-44310 | gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers | sigstore | gitsign | Medium | 5.4 | 2026-05-15 16:17:54 | Deep Dive |
| CVE-2026-41258 | OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange | openmrs | openmrs-core | Critical | 9.1 | 2026-05-15 16:13:18 | Deep Dive |
| CVE-2026-44699 | LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC | benmcollins | libjwt | - | - | 2026-05-15 16:08:34 | Deep Dive |
| CVE-2026-46383 | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` | microsoft | apm | Medium | 5.5 | 2026-05-15 16:04:24 | Deep Dive |
| CVE-2026-45539 | Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree | microsoft | apm | High | 7.4 | 2026-05-15 16:02:38 | Deep Dive |
| CVE-2026-44641 | Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install | microsoft | apm | High | 7.1 | 2026-05-15 16:00:23 | Deep Dive |
| CVE-2026-45773 | Turborepo: Login callback CSRF/session fixation | vercel | turborepo | - | - | 2026-05-15 15:51:38 | Deep Dive |
| CVE-2026-46508 | Turborepo: VSCode Extension command injection | vercel | turborepo | - | - | 2026-05-15 15:50:25 | Deep Dive |
| CVE-2026-45772 | Turborepo: Unexpected local code execution during Yarn Berry detection | vercel | turborepo | - | - | 2026-05-15 15:45:45 | Deep Dive |
| CVE-2026-2031 | Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution. | Google Cloud | Internal Integration Platform APIs | - | - | 2026-05-15 15:38:25 | Deep Dive |
| CVE-2026-35194 | Apache Flink: Remote code execution via SQL injection in code generation | Apache Software Foundation | Apache Flink | - | - | 2026-05-15 15:27:27 | Deep Dive |
| CVE-2026-45803 | gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection | cli | cli | Low | 3.5 | 2026-05-15 15:26:57 | Deep Dive |
| CVE-2026-46483 | Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag | vim | vim | Low | 3.6 | 2026-05-15 14:57:32 | Deep Dive |
| CVE-2026-45736 | ws: Uninitialized memory disclosure | websockets | ws | Medium | 4.4 | 2026-05-15 14:53:57 | Deep Dive |
| CVE-2025-14972 | Insufficient DPA countermeasure reseeding | silabs.com | Simplicity SDK | - | - | 2026-05-15 14:35:09 | Deep Dive |
| CVE-2026-8669 | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files | TONYC | Imager | - | - | 2026-05-15 13:31:14 | Deep Dive |
| CVE-2026-46333 | ptrace: slightly saner 'get_dumpable()' logic | Linux | Linux | High | 7.1 | 2026-05-15 12:58:45 | Deep Dive |