| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-20210 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability | Cisco | Cisco Catalyst SD-WAN Manager | Medium | 5.4 | 2026-05-14 16:08:46 | Deep Dive |
| CVE-2026-20209 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability | Cisco | Cisco Catalyst SD-WAN Manager | Medium | 5.4 | 2026-05-14 16:08:27 | Deep Dive |
| CVE-2026-20182 (KEV) | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (EPSS 0.77) | Cisco | Cisco Catalyst SD-WAN Manager | Critical | 10.0 | 2026-05-14 16:08:26 | Deep Dive |
| CVE-2025-62313 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. | HCL | AION | Medium | 5.4 | 2026-05-14 16:07:54 | Deep Dive |
| CVE-2025-62311 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. | HCL | AION | Medium | 4.3 | 2026-05-14 16:06:57 | Deep Dive |
| CVE-2025-62310 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations | HCL | AION | Medium | 5.4 | 2026-05-14 16:05:43 | Deep Dive |
| CVE-2026-44503 | Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect | microsoft | kiota-java | - | - | 2026-05-14 15:58:58 | Deep Dive |
| CVE-2026-44504 | Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) | aegra | aegra | - | - | 2026-05-14 15:52:31 | Deep Dive |
| CVE-2026-42281 | MagicMirror²: Unauthenticated SSRF via /cors endpoint | MagicMirrorOrg | MagicMirror | - | - | 2026-05-14 15:46:41 | Deep Dive |
| CVE-2026-42283 | DevSpace UI Server WebSocket CheckOrigin does not validate source | devspace-sh | devspace | High | 7.7 | 2026-05-14 15:44:22 | Deep Dive |
| CVE-2026-44501 | DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability | datahub-project | datahub | Medium | 4.3 | 2026-05-14 15:41:44 | Deep Dive |
| CVE-2026-42159 | Flowsint: Stored XSS in description of node | reconurge | flowsint | - | - | 2026-05-14 15:39:22 | Deep Dive |
| CVE-2026-42590 | Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist | gotenberg | gotenberg | High | 8.2 | 2026-05-14 15:36:30 | Deep Dive |
| CVE-2026-42597 | Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme | gotenberg | gotenberg | Medium | 5.9 | 2026-05-14 15:34:07 | Deep Dive |
| CVE-2026-42595 | Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass | gotenberg | gotenberg | High | 8.6 | 2026-05-14 15:33:29 | Deep Dive |
| CVE-2026-42594 | Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine | gotenberg | gotenberg | High | 7.5 | 2026-05-14 15:32:32 | Deep Dive |
| CVE-2026-42593 | Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | gotenberg | gotenberg | Medium | 5.3 | 2026-05-14 15:31:27 | Deep Dive |
| CVE-2026-42592 | Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes | gotenberg | gotenberg | Medium | 5.3 | 2026-05-14 15:30:34 | Deep Dive |
| CVE-2026-42591 | Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8 | gotenberg | gotenberg | High | 8.2 | 2026-05-14 15:20:44 | Deep Dive |
| CVE-2026-42596 | Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | gotenberg | gotenberg | Critical | 9.4 | 2026-05-14 15:19:35 | Deep Dive |