| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-47169 | Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts | duck-organization | quest-bot | - | - | 2026-06-11 18:25:33 | Deep Dive |
| CVE-2026-45178 | Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints | CyberArk Software, a Palo Alto Networks Company | Conjur Enterprise | - | - | 2026-06-11 18:19:08 | Deep Dive |
| CVE-2026-53702 | Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.5 | 2026-06-11 18:15:39 | Deep Dive |
| CVE-2026-53701 | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.5 | 2026-06-11 18:15:30 | Deep Dive |
| CVE-2026-11774 | 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow | Red Hat | Red Hat Directory Server 11 | High | 7.6 | 2026-06-11 17:54:35 | Deep Dive |
| CVE-2026-48546🧪 | KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs | lingdojo | kana-dojo | High | 7.3 | 2026-06-11 17:53:32 | Deep Dive |
| CVE-2026-47157 | aiograpi: Unsafe signup challenge path handling | subzeroid | aiograpi | Medium | 6.5 | 2026-06-11 17:18:21 | Deep Dive |
| CVE-2026-46697🧪 | Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint | stefanbohacek | fediverse-embeds-wordpress-plugin | High | 7.5 | 2026-06-11 17:16:04 | Deep Dive |
| CVE-2026-46698 | Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action | stefanbohacek | fediverse-embeds-wordpress-plugin | Medium | 5.3 | 2026-06-11 17:15:53 | Deep Dive |
| CVE-2026-49261 | MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` | MariaDB | server | Critical | 10.0 | 2026-06-11 17:13:21 | Deep Dive |
| CVE-2026-3329 | Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts | Sonatype | Nexus Repository Manager | - | - | 2026-06-11 17:00:12 | Deep Dive |
| CVE-2026-11986 | Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak | Red Hat | Red Hat Build of Keycloak | Medium | 4.9 | 2026-06-11 16:47:12 | Deep Dive |
| CVE-2026-11945 | PostgreSQL Anonymizer: SQL injection in the rules import functions | DALIBO | PostgreSQL Anonymizer | Medium | 6.4 | 2026-06-11 15:53:24 | Deep Dive |
| CVE-2026-49982🧪 | tmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/template | raszi | node-tmp | High | 8.2 | 2026-06-11 15:45:01 | Deep Dive |
| CVE-2026-44705 | tmp: Path Traversal via unsanitized prefix/postfix enables directory escape | raszi | node-tmp | - | - | 2026-06-11 15:42:47 | Deep Dive |
| CVE-2026-44486🧪 | Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection | axios | axios | High | 7.5 | 2026-06-11 15:39:08 | Deep Dive |
| CVE-2026-44487 | Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter | axios | axios | High | - | 2026-06-11 15:38:25 | Deep Dive |
| CVE-2026-44488🧪 | Axios: Allocation of Resources Without Limits or Throttling in axios | axios | axios | High | 7.5 | 2026-06-11 15:37:38 | Deep Dive |
| CVE-2026-44490 | Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions | axios | axios | Medium | 4.8 | 2026-06-11 15:36:13 | Deep Dive |
| CVE-2026-44496🧪 | Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection | axios | axios | High | 7.5 | 2026-06-11 15:34:28 | Deep Dive |