Browse 337,446+ CVEs from NVD & CNNVD with AI-powered analysis, AI-generated PoCs, KEV/EPSS tracking, and daily security intelligence. Filter by vendor, product, severity, or CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-10692 | johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos | johnhuang316 | code-index-mcp | Medium | 4.3 | 2026-06-02 23:45:12 | Deep Dive |
| CVE-2026-10691 | wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos | wonderwhy-er | DesktopCommanderMCP | Medium | 4.3 | 2026-06-02 23:30:15 | Deep Dive |
| CVE-2026-9732 | EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update | planetshaker | EmergencyWP – Dead Man's switch & legacy deliverance | Medium | 4.3 | 2026-06-02 23:27:49 | Deep Dive |
| CVE-2026-7421 | Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting | passeum | Passeum Ticketing | Medium | 4.4 | 2026-06-02 23:27:48 | Deep Dive |
| CVE-2026-10690 | wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery | wonderwhy-er | DesktopCommanderMCP | Medium | 6.3 | 2026-06-02 23:15:09 | Deep Dive |
| CVE-2026-40108 | GLPI Vulnerable to Stored XSS in ITIL Costs | glpi-project | glpi | - | - | 2026-06-02 23:02:35 | Deep Dive |
| CVE-2026-41412 | alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script | alfio-event | alf.io | Medium | 4.9 | 2026-06-02 22:51:36 | Deep Dive |
| CVE-2026-35482🧪 | alf.io has an Authenticated RCE via Extension Script Sandbox Escape | alfio-event | alf.io | High | 8.0 | 2026-06-02 22:50:40 | Deep Dive |
| CVE-2026-44654 | LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents | danny-avila | LibreChat | - | - | 2026-06-02 22:47:29 | Deep Dive |
| CVE-2026-10688 | ahujasid blender-mcp server.py execute_blender_code code injection | ahujasid | blender-mcp | Medium | 5.5 | 2026-06-02 22:45:11 | Deep Dive |
| CVE-2026-44653 | LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets | danny-avila | LibreChat | Medium | 6.5 | 2026-06-02 22:40:21 | Deep Dive |
| CVE-2026-32625🧪 | LibreChat Exfiltrates Server Secrets via MCP Server URL Injection | danny-avila | LibreChat | Critical | 9.6 | 2026-06-02 22:35:01 | Deep Dive |
| CVE-2026-10719 | Open Seachest/Seachest NVMe show Format Descriptors Vulnerability | - | - | - | - | 2026-06-02 22:31:46 | Deep Dive |
| CVE-2026-31942🧪 | LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys | danny-avila | LibreChat | High | 7.1 | 2026-06-02 22:22:14 | Deep Dive |
| CVE-2026-10718 | Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability | - | - | - | - | 2026-06-02 22:19:41 | Deep Dive |
| CVE-2026-25861 | QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php | QloApps | QloApps | Medium | 5.9 | 2026-06-02 22:09:19 | Deep Dive |
| CVE-2026-10717 | Open-Seachest/Seachest show SCSI Defect List Vulnerability | - | - | - | - | 2026-06-02 22:06:35 | Deep Dive |
| CVE-2026-42504 | Quadratic complexity in WordDecoder.DecodeHeader in mime | Go standard library | mime | - | - | 2026-06-02 22:01:37 | Deep Dive |
| CVE-2026-42507 | Arbitrary inputs are included in errors without any escaping in net/textproto | Go standard library | net/textproto | - | - | 2026-06-02 22:01:37 | Deep Dive |
| CVE-2026-27145 | Inefficient candidate hostname parsing in crypto/x509 | Go standard library | crypto/x509 | - | - | 2026-06-02 22:01:37 | Deep Dive |