| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31700 | net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() | Linux | Linux | High | 7.8 | 2026-05-01 13:56:00 | Deep Dive |
| CVE-2026-31699 | crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed | Linux | Linux | High | 7.1 | 2026-05-01 13:56:00 | Deep Dive |
| CVE-2026-31698 | crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed | Linux | Linux | High | 7.1 | 2026-05-01 13:55:59 | Deep Dive |
| CVE-2026-31697 | crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed | Linux | Linux | High | 7.1 | 2026-05-01 13:55:58 | Deep Dive |
| CVE-2026-31696 | rxrpc: Fix missing validation of ticket length in non-XDR key preparsing | Linux | Linux | 中危 | - | 2026-05-01 13:55:57 | Deep Dive |
| CVE-2026-31695 | wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free | Linux | Linux | High | 7.8 | 2026-05-01 13:53:37 | Deep Dive |
| CVE-2026-31694 | fuse: reject oversized dirents in page cache | Linux | Linux | High | 7.8 | 2026-05-01 13:53:36 | Deep Dive |
| CVE-2026-7582 | AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp out-of-bounds write | AcademySoftwareFoundation | OpenImageIO | Medium | 5.3 | 2026-05-01 13:45:12 | Deep Dive |
| CVE-2026-3143 | Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation | boldgrid | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | Medium | 5.3 | 2026-05-01 13:28:43 | Deep Dive |
| CVE-2026-7581 | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy | alexta69 | MeTube | Medium | 4.3 | 2026-05-01 13:00:21 | Deep Dive |
| CVE-2026-7580 | Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection | - | Exiftool | Medium | 5.3 | 2026-05-01 12:00:16 | Deep Dive |
| CVE-2026-7579 | AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials | AstrBotDevs | AstrBot | High | 7.3 | 2026-05-01 11:30:15 | Deep Dive |
| CVE-2026-3772 | WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor | benjaminprojas | WP Editor | High | 8.8 | 2026-05-01 11:18:48 | Deep Dive |
| CVE-2026-3140 | Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation | davidvongries | Ultimate Dashboard – Custom WordPress Dashboard | Medium | 4.3 | 2026-05-01 11:18:48 | Deep Dive |
| CVE-2026-7578 | MacCMS Pro Plugin Installation add.html install unrestricted upload | - | MacCMS Pro | Medium | 4.7 | 2026-05-01 10:45:11 | Deep Dive |
| CVE-2026-42778 | Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2) | Apache Software Foundation | Apache MINA | Critical | 9.8 | 2026-05-01 10:01:10 | Deep Dive |
| CVE-2026-42779 | Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2) | Apache Software Foundation | Apache MINA | Critical | 9.8 | 2026-05-01 10:00:44 | Deep Dive |
| CVE-2026-42404 | Apache Neethi: Unrestricted HTTP Redirect Following in Policy References | Apache Software Foundation | Apache Neethi | Medium | 6.5 | 2026-05-01 09:46:50 | Deep Dive |
| CVE-2026-7567 | Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover | elemntor | Temporary Login | Critical | 9.8 | 2026-05-01 09:26:07 | Deep Dive |
| CVE-2026-42402 | Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS | Apache Software Foundation | Apache Neethi | High | 7.5 | 2026-05-01 08:54:41 | Deep Dive |