| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42150 | wlc: print_html outputs API data without HTML escaping, enabling stored XSS | WeblateOrg | wlc | Medium | 5.1 | 2026-05-08 03:23:12 | Deep Dive |
| CVE-2026-42264 | Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking | axios | axios | High | 7.4 | 2026-05-08 03:20:24 | Deep Dive |
| CVE-2026-41645 | Nuclei: Environment variable disclosure via Response-Derived DSL Expressions | projectdiscovery | nuclei | Medium | 5.3 | 2026-05-08 03:17:19 | Deep Dive |
| CVE-2026-8132 | CodeAstro Leave Management System login.php sql injection | CodeAstro | Leave Management System | High | 7.3 | 2026-05-08 03:15:09 | Deep Dive |
| CVE-2026-41646 | Nuclei: Local File Read via require() Module Loader Bypass | projectdiscovery | nuclei | Medium | 5.5 | 2026-05-08 03:14:50 | Deep Dive |
| CVE-2026-42261 | PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote` | legeling | PromptHub | High | 7.1 | 2026-05-08 03:11:25 | Deep Dive |
| CVE-2026-43944 | electerm: dangerous code can be run through links or command line | electerm | electerm | - | - | 2026-05-08 03:08:09 | Deep Dive |
| CVE-2026-43942 | electerm: Full process.env exposed to renderer via window.pre.env in electerm | electerm | electerm | Medium | 5.5 | 2026-05-08 03:03:55 | Deep Dive |
| CVE-2026-43941 | Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click | electerm | electerm | Critical | 9.6 | 2026-05-08 03:01:12 | Deep Dive |
| CVE-2026-8131 | SourceCodester SUP Online Shopping replymsg.php sql injection | SourceCodester | SUP Online Shopping | High | 7.3 | 2026-05-08 03:00:19 | Deep Dive |
| CVE-2026-43940 | electerm: Path traversal in electerm runWidget leads to arbitrary code execution | electerm | electerm | High | 8.4 | 2026-05-08 02:58:06 | Deep Dive |
| CVE-2026-43943 | electerm: RCE via malicious SSH server filename in openFileWithEditor | electerm | electerm | High | 7.8 | 2026-05-08 02:55:51 | Deep Dive |
| CVE-2026-41500 | electerm has Command Injection Vulnerability via runMac function | electerm | electerm | Critical | 9.8 | 2026-05-08 02:53:44 | Deep Dive |
| CVE-2026-41501 | electerm has Command Injection Vulnerability via runLinux function | electerm | electerm | Critical | 9.8 | 2026-05-08 02:51:10 | Deep Dive |
| CVE-2026-8130 | SourceCodester SUP Online Shopping message.php sql injection | SourceCodester | SUP Online Shopping | High | 7.3 | 2026-05-08 02:45:10 | Deep Dive |
| CVE-2026-8129 | SourceCodester SUP Online Shopping wishlist.php sql injection | SourceCodester | SUP Online Shopping | High | 7.3 | 2026-05-08 02:30:11 | Deep Dive |
| CVE-2026-8128 | SourceCodester SUP Online Shopping viewmsg.php sql injection | SourceCodester | SUP Online Shopping | High | 7.3 | 2026-05-08 02:15:10 | Deep Dive |
| CVE-2026-3508 | ASUS MyASUS version vulnerability: IOCTL out-of-bounds read leads to system crash | ASUS | ASUS System Control Interface | - | - | 2026-05-08 02:00:54 | Deep Dive |
| CVE-2026-6737 | ASUS Precision Touchpad driver local privilege escalation and availability issues | ASUS | AsusPTPFilter | - | - | 2026-05-08 02:00:26 | Deep Dive |
| CVE-2026-8127 | eladmin Users API Endpoint UserController.java checkLevel access control | - | eladmin | Medium | 6.3 | 2026-05-08 02:00:14 | Deep Dive |