| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-48250 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:10 | Deep Dive |
| CVE-2026-48271 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:09 | Deep Dive |
| CVE-2026-47978 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:08 | Deep Dive |
| CVE-2026-47949 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:07 | Deep Dive |
| CVE-2026-48299 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:05 | Deep Dive |
| CVE-2026-48266 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | Adobe | Adobe Experience Manager | Medium | 5.4 | 2026-06-09 16:48:04 | Deep Dive |
| CVE-2026-49959🧪 | Hermes WebUI < 0.51.311 RCE via Git Configuration Injection | nesquena | hermes-webui | High | 8.8 | 2026-06-09 16:46:04 | Deep Dive |
| CVE-2026-49958 | Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard | nesquena | hermes-webui | Medium | 5.0 | 2026-06-09 16:35:42 | Deep Dive |
| CVE-2026-22926 | Omnissa Workspace ONE Assist for macOS 路径遍历漏洞 | Omnissa | Omnissa Workspace ONE® Assist for macOS | High | 7.8 | 2026-06-09 16:34:24 | Deep Dive |
| CVE-2026-49957🧪 | Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py | nesquena | hermes-webui | High | 7.7 | 2026-06-09 16:25:11 | Deep Dive |
| CVE-2026-42599 | Cross-site scripting via spread attributes in Svelte SSR | sveltejs | svelte | - | - | 2026-06-09 16:22:47 | Deep Dive |
| CVE-2026-42567 | Svelte: ReDoS in `<svelte:element>` Tag Validation | sveltejs | svelte | - | - | 2026-06-09 16:22:23 | Deep Dive |
| CVE-2026-42573 | Svelte: XSS via DOM Clobbering of Internal Framework State | sveltejs | svelte | - | - | 2026-06-09 16:21:29 | Deep Dive |
| CVE-2026-42570🧪 | Svelte devalue: DoS via sparse array deserialization | sveltejs | devalue | High | 7.5 | 2026-06-09 16:12:26 | Deep Dive |
| CVE-2026-24180 | NVIDIA DALI 安全漏洞 | NVIDIA | DALI | High | 7.3 | 2026-06-09 16:11:40 | Deep Dive |
| CVE-2026-24181 | NVIDIA DALI 输入验证错误漏洞 | NVIDIA | DALI | High | 7.3 | 2026-06-09 16:11:00 | Deep Dive |
| CVE-2026-49956 | Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search | nesquena | hermes-webui | Medium | 6.5 | 2026-06-09 16:10:34 | Deep Dive |
| CVE-2026-46492🧪 | md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) | commenthol | md-fileserver | High | 7.2 | 2026-06-09 16:09:29 | Deep Dive |
| CVE-2026-49848 | FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto` | signalwire | freeswitch | Medium | 4.3 | 2026-06-09 16:05:42 | Deep Dive |
| CVE-2026-49955 | Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options | nesquena | hermes-webui | Medium | 5.3 | 2026-06-09 16:05:33 | Deep Dive |