| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39052 | oinone-pamirs code injection vulnerability | - | - | - | - | 2026-05-15 00:00:00 | Deep Dive |
| CVE-2026-34253 | vorbis-tools security vulnerability | - | - | - | - | 2026-05-15 00:00:00 | Deep Dive |
| CVE-2025-67437 | Medical Management System access control error vulnerability | - | - | - | - | 2026-05-15 00:00:00 | Deep Dive |
| CVE-2025-67031 | Online Recruitment System for Economic Experiments security vulnerability | - | - | - | - | 2026-05-15 00:00:00 | Deep Dive |
| CVE-2026-45248 | Hedera Guardian Authentication Bypass Information Disclosure | hashgraph | guardian | Medium | 5.3 | 2026-05-14 21:36:23 | Deep Dive |
| CVE-2026-6811 | PHP Stack Exhaustion | MongoDB Inc. | PHP Driver | Medium | 5.9 | 2026-05-14 21:27:04 | Deep Dive |
| CVE-2026-44671🧪 | ZITADEL: LDAP Filter Injection in Login Flow | zitadel | zitadel | High | 7.5 | 2026-05-14 21:13:03 | Deep Dive |
| CVE-2026-44428 | MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience | modelcontextprotocol | registry | - | - | 2026-05-14 21:09:10 | Deep Dive |
| CVE-2026-44427 | MCP Registry: Open Redirect | modelcontextprotocol | registry | - | - | 2026-05-14 21:07:34 | Deep Dive |
| CVE-2026-44429 | MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` | modelcontextprotocol | registry | - | - | 2026-05-14 21:05:56 | Deep Dive |
| CVE-2026-44430 | MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | modelcontextprotocol | registry | - | - | 2026-05-14 21:02:41 | Deep Dive |
| CVE-2026-45781 | MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims | modelcontextprotocol | registry | Low | 3.5 | 2026-05-14 21:00:50 | Deep Dive |
| CVE-2026-44700 | Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake | elixir-webrtc | ex_webrtc | - | - | 2026-05-14 20:51:04 | Deep Dive |
| CVE-2026-42847 | ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | MacWarrior | clipbucket-v5 | - | - | 2026-05-14 20:45:54 | Deep Dive |
| CVE-2026-44212 | PrestaShop: Stored XSS executable in customer service view | PrestaShop | PrestaShop | Critical | 9.3 | 2026-05-14 20:44:08 | Deep Dive |
| CVE-2026-44678 | Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID | tuist | tuist | - | - | 2026-05-14 20:41:41 | Deep Dive |
| CVE-2026-44679 | Tuist: Forgot password flow lacks throttling for reset email delivery | tuist | tuist | - | - | 2026-05-14 20:40:08 | Deep Dive |
| CVE-2026-44673 | libyang: lyb_read_string() integer overflow → heap buffer overflow | CESNET | libyang | High | 7.5 | 2026-05-14 20:35:14 | Deep Dive |
| CVE-2026-44666 | HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution | zelon88 | HRConvert2 | - | - | 2026-05-14 20:32:43 | Deep Dive |
| CVE-2026-44662 | rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding | rust-openssl | rust-openssl | - | - | 2026-05-14 20:18:44 | Deep Dive |