| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42287 | Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions | emlog | emlog | - | - | 2026-05-08 21:51:53 | Deep Dive |
| CVE-2026-42286 | Emlog: Cross-Site Request Forgery in Admin Functions | emlog | emlog | - | - | 2026-05-08 21:51:12 | Deep Dive |
| CVE-2026-41517 | Emlog: Remote Code Execution via Malicious Plugin Upload | emlog | emlog | - | - | 2026-05-08 21:50:27 | Deep Dive |
| CVE-2026-41486 | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | ray-project | ray | - | - | 2026-05-08 21:46:14 | Deep Dive |
| CVE-2026-42209 | FlashMQ: Division by zero crash when using non-default deferred retained message setting | halfgaar | FlashMQ | Medium | 6.5 | 2026-05-08 21:40:43 | Deep Dive |
| CVE-2026-42213 | SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak | anzory | SolidCAM-GPPL-IDE | - | - | 2026-05-08 21:38:41 | Deep Dive |
| CVE-2026-42212 | SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser | anzory | SolidCAM-GPPL-IDE | - | - | 2026-05-08 21:35:30 | Deep Dive |
| CVE-2026-42205 | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | avo-hq | avo | High | 8.8 | 2026-05-08 21:26:45 | Deep Dive |
| CVE-2026-42195 | Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host | jgraph | drawio | Low | 3.4 | 2026-05-08 21:22:41 | Deep Dive |
| CVE-2026-42202 | nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields | almirhodzic | nova-toggle-5 | Medium | 6.5 | 2026-05-08 21:18:59 | Deep Dive |
| CVE-2026-42199 | Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior | becheran | grid | Medium | 6.2 | 2026-05-08 21:15:17 | Deep Dive |
| CVE-2026-42192 | Plunk: Stored XSS in campaign view | useplunk | plunk | Medium | 5.4 | 2026-05-08 21:13:25 | Deep Dive |
| CVE-2026-42193 | Plunk: SNS webhook forgery | useplunk | plunk | Critical | 9.1 | 2026-05-08 21:12:26 | Deep Dive |
| CVE-2026-44400 | MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin | MailEnable | MailEnable Enterprise Premium | High | 8.1 | 2026-05-08 20:22:44 | Deep Dive |
| CVE-2026-7807 | SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API | SmarterTools Inc. | SmarterMail | High | 8.1 | 2026-05-08 19:54:33 | Deep Dive |
| CVE-2026-42189 | Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth | Eugeny | russh | High | 7.5 | 2026-05-08 19:49:51 | Deep Dive |
| CVE-2026-42160 | Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend | sovity | dataspace-portal | - | - | 2026-05-08 19:47:00 | Deep Dive |
| CVE-2026-42190 | RedwoodSDK: Same-site CSRF in server actions | redwoodjs | sdk | Medium | 5.3 | 2026-05-08 19:35:18 | Deep Dive |
| CVE-2026-42180 | Lemmy: SSRF in /api/v3/post via Webmention dispatch | LemmyNet | lemmy | Medium | 6.3 | 2026-05-08 19:29:04 | Deep Dive |
| CVE-2026-42181 | Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image | LemmyNet | lemmy | Medium | 6.5 | 2026-05-08 19:26:08 | Deep Dive |