| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-8758 | Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload | Metasoft 美特软件 | MetaCRM | High | 7.3 | 2026-05-17 13:45:37 | Deep Dive |
| CVE-2026-8757 | adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal | adenhq | hive | High | 7.3 | 2026-05-17 13:15:10 | Deep Dive |
| CVE-2026-8756 | fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal | fishaudio | Bert-VITS2 | High | 7.3 | 2026-05-17 13:00:17 | Deep Dive |
| CVE-2026-8755 | fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal | fishaudio | Bert-VITS2 | High | 7.3 | 2026-05-17 12:45:09 | Deep Dive |
| CVE-2026-8754 | AstrBotDevs AstrBot File Upload chat.py post_file path traversal | AstrBotDevs | AstrBot | Medium | 6.3 | 2026-05-17 12:15:10 | Deep Dive |
| CVE-2018-25334 | Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter | Bylancer | Zechat | Medium | 5.4 | 2026-05-17 12:12:25 | Deep Dive |
| CVE-2018-25339 | Zechat 1.5 SQL Injection via v parameter (time-based blind) | Bylancer | Zechat | High | 8.2 | 2026-05-17 12:11:43 | Deep Dive |
| CVE-2018-25338 | Zechat 1.5 SQL Injection via hashtag parameter | Bylancer | Zechat | High | 8.2 | 2026-05-17 12:11:42 | Deep Dive |
| CVE-2018-25337 | Joomla JoomOCShop 1.0 Cross-Site Request Forgery | Joomlaextensions | Joomla! extension JoomOCShop | Medium | 4.3 | 2026-05-17 12:11:41 | Deep Dive |
| CVE-2018-25336 | jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery | jCart | jCart for OpenCart | Medium | 5.3 | 2026-05-17 12:11:40 | Deep Dive |
| CVE-2018-25335 | WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload | peugeot-music-plugin | Peugeot Music | Critical | 9.8 | 2026-05-17 12:11:39 | Deep Dive |
| CVE-2018-25333 | Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection | nordex-online | N149 Wind Turbine Web Server | High | 8.2 | 2026-05-17 12:11:38 | Deep Dive |
| CVE-2018-25332 | GitBucket 4.23.1 Unauthenticated Remote Code Execution | gitbucket | GitBucket | Critical | 9.8 | 2026-05-17 12:11:37 | Deep Dive |
| CVE-2018-25331 | Zenar Content Management System Cross-Site Scripting via ajax.php | zenar | Zenar Content Management System | Medium | 6.1 | 2026-05-17 12:11:36 | Deep Dive |
| CVE-2018-25329 | WordPress Plugin WP with Spritz 1.0 Remote File Inclusion | wp-with-spritz | WP with Spritz | High | 7.5 | 2026-05-17 12:11:35 | Deep Dive |
| CVE-2018-25330 | Joomla! EkRishta 2.10 Persistent XSS and SQL Injection | Joomlaextensions | Joomla! extension EkRishta | High | 8.2 | 2026-05-17 12:11:35 | Deep Dive |
| CVE-2018-25328 | VX Search 10.6.18 Local Buffer Overflow via Directory Field | vxsearch | VX Search | High | 8.4 | 2026-05-17 12:11:34 | Deep Dive |
| CVE-2018-25327 | Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery | Joomsky | JS Jobs | Medium | 5.3 | 2026-05-17 12:11:33 | Deep Dive |
| CVE-2018-25325 | Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion | woocommerce-csvimport | WooCommerce CSV-Importer | High | 7.5 | 2026-05-17 12:11:32 | Deep Dive |
| CVE-2018-25326 | Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php | wp-google-drive | Google Drive | High | 7.5 | 2026-05-17 12:11:32 | Deep Dive |