| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41699 | Unsafe Deserialization in Spring GraphQL | Spring | Spring for GraphQL | High | 8.1 | 2026-06-11 05:04:43 | Deep Dive |
| CVE-2026-41001 | Predictable Temp Directory in Artemis Auto-configuration | Spring | Spring Boot | Medium | 5.3 | 2026-06-11 05:04:29 | Deep Dive |
| CVE-2026-41000 | WSS4J validation does not use configured replay cache | Spring | Spring Web Services | Low | 3.7 | 2026-06-11 05:04:24 | Deep Dive |
| CVE-2026-40999 | Spring WS SSRF via unvalidated WS-Addressing reply destinations | Spring | Spring Web Services | High | 8.6 | 2026-06-11 05:04:17 | Deep Dive |
| CVE-2026-40998 | Jaxp13 XPath XXE via StreamSource and SAXSource | Spring | Spring Web Services | High | 8.2 | 2026-06-11 05:04:13 | Deep Dive |
| CVE-2026-40997 | SOAP security faults leak Spring Security account state | Spring | Spring Web Services | Medium | 5.3 | 2026-06-11 05:04:09 | Deep Dive |
| CVE-2026-40996 | Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default | Spring | Spring Web Services | Medium | 4.8 | 2026-06-11 05:04:05 | Deep Dive |
| CVE-2026-40995 | X.509 authentication bypasses Spring Security account checks | Spring | Spring Web Services | Medium | 5.4 | 2026-06-11 05:04:02 | Deep Dive |
| CVE-2026-40994 | Wss4jSecurityInterceptor disables WS-I BSP validation by default | Spring | Spring Web Services | High | 8.2 | 2026-06-11 05:03:58 | Deep Dive |
| CVE-2026-40992 | Mail Auto-Configuration Does Not Enable SSL Hostname Verification | Spring | Spring Boot | Medium | 5.0 | 2026-06-11 05:03:54 | Deep Dive |
| CVE-2026-40987 | Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization | Spring | Spring Integration | High | 7.1 | 2026-06-11 05:03:33 | Deep Dive |
| CVE-2026-40986 | Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML | Spring | Spring Web Flow | Medium | 4.8 | 2026-06-11 05:03:26 | Deep Dive |
| CVE-2026-40985 | Data Binding Vulnerability in Spring Web Flow with Unified EL Parser | Spring | Spring Web Flow | Medium | 6.4 | 2026-06-11 05:02:54 | Deep Dive |
| CVE-2026-35273 (KEV) | Oracle PeopleSoft Enterprise PeopleTools Access Control Error Vulnerability | Oracle Corporation | PeopleSoft Enterprise PeopleTools | Critical | 9.8 | 2026-06-11 02:25:15 | Deep Dive |
| CVE-2026-2827 | Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification' | 100plugins | Open User Map PRO | Medium | 4.7 | 2026-06-11 01:27:56 | Deep Dive |
| CVE-2026-38581 | Thai Palliative SQL Injection Vulnerability | - | - | - | - | 2026-06-11 00:00:00 | Deep Dive |
| CVE-2026-47342 | Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass | Apache Software Foundation | Apache OFBiz | - | - | 2026-06-10 22:29:07 | Deep Dive |
| CVE-2026-46645 | SQLAdmin: Authorization Bypass on `ajax_lookup` | smithyhq | sqladmin | Medium | 4.3 | 2026-06-10 22:23:57 | Deep Dive |
| CVE-2026-50223 | Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution | Apache Software Foundation | Apache OFBiz | - | - | 2026-06-10 22:23:50 | Deep Dive |
| CVE-2026-46695 🧪 | BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files | boxlite-ai | boxlite | Critical | 10.0 | 2026-06-10 22:20:45 | Deep Dive |