| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-12129 | CodeAstro Human Resource Management System Dashboard add_tod cross site scripting | CodeAstro | Human Resource Management System | Low | 3.5 | 2026-06-12 20:30:09 | Deep Dive |
| CVE-2026-47264 | Discourse: Don't leak restricted tag group names via tag info | discourse | discourse | Medium | 5.3 | 2026-06-12 20:26:39 | Deep Dive |
| CVE-2026-47263 | Discourse: Prevent webhook payload disclosure on event redelivery | discourse | discourse | Medium | 4.3 | 2026-06-12 20:26:20 | Deep Dive |
| CVE-2026-45775 | Discourse: Cross-site backup access via path traversal in multisite local backups | discourse | discourse | Medium | 6.8 | 2026-06-12 20:25:34 | Deep Dive |
| CVE-2026-45085 | Discourse: Chat misauthorization and information disclosure | discourse | discourse | Medium | 5.3 | 2026-06-12 20:25:09 | Deep Dive |
| CVE-2026-44785 | Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts | discourse | discourse | Medium | 4.3 | 2026-06-12 20:24:39 | Deep Dive |
| CVE-2026-44784 | Discourse: Non-staff group owners can see email password in plaintext through group history | discourse | discourse | Medium | 6.5 | 2026-06-12 20:23:52 | Deep Dive |
| CVE-2026-44783 | Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts | discourse | discourse | Medium | 5.4 | 2026-06-12 20:23:15 | Deep Dive |
| CVE-2026-44782 | Discourse: GroupPostSerializer leaks hidden full names through reaction post association | discourse | discourse | Medium | 4.3 | 2026-06-12 20:23:01 | Deep Dive |
| CVE-2026-44780 | Discourse: Category queue reviewers can read raw incoming emails from queued posts | discourse | discourse | Medium | 4.3 | 2026-06-12 20:22:45 | Deep Dive |
| CVE-2026-44779 | Discourse: Bot debug endpoints disclose whisper translation audit logs | discourse | discourse | Medium | 4.3 | 2026-06-12 20:22:30 | Deep Dive |
| CVE-2026-44786 | Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users | discourse | discourse | High | 7.5 | 2026-06-12 20:22:06 | Deep Dive |
| CVE-2026-54393 | MISP Overmind theme stored XSS via unvalidated homepage setting | misp | misp | Medium | - | 2026-06-12 20:21:48 | Deep Dive |
| CVE-2026-54362 | MISP template builder exposes non-visible custom galaxies across organisations | misp | misp | Medium | - | 2026-06-12 20:08:55 | Deep Dive |
| CVE-2026-54057 | Kitty vulnerable to command injection via unsanitized OSC 21 query reply | kovidgoyal | kitty | High | - | 2026-06-12 20:07:00 | Deep Dive |
| CVE-2026-54056🧪 | Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging | kovidgoyal | kitty | High | 7.6 | 2026-06-12 20:06:06 | Deep Dive |
| CVE-2026-54055 | Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol | kovidgoyal | kitty | Medium | 5.0 | 2026-06-12 20:03:18 | Deep Dive |
| CVE-2026-42851🧪 | @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE | kovidgoyal | kitty | High | 7.8 | 2026-06-12 20:00:23 | Deep Dive |
| CVE-2026-54361 | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | misp | misp | High | - | 2026-06-12 19:59:59 | Deep Dive |
| CVE-2026-42850 | Kitty has a shell command injection | kovidgoyal | kitty | High | - | 2026-06-12 19:59:14 | Deep Dive |