| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45225🧪 | Heym < 0.0.21 Path Traversal File Upload via upload_file() | heymrun | heym | High | 7.6 | 2026-05-12 21:09:28 | Deep Dive |
| CVE-2026-44259 | efw4.X: Stored XSS via previewServlet | efwGrp | efw4.X | Medium | 4.6 | 2026-05-12 21:08:28 | Deep Dive |
| CVE-2026-44257 | efw4.X: RCE via zipslip | efwGrp | efw4.X | - | - | 2026-05-12 21:06:42 | Deep Dive |
| CVE-2026-44871 | Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Wireless Operating System (AOS) | High | 7.2 | 2026-05-12 21:06:12 | Deep Dive |
| CVE-2026-44258 | efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution | efwGrp | efw4.X | - | - | 2026-05-12 21:05:07 | Deep Dive |
| CVE-2026-26289 | Subnet Solutions PowerSYSTEM Center Incorrect Authorization | Subnet Solutions | PowerSYSTEM Center 2020 | High | 8.2 | 2026-05-12 21:02:43 | Deep Dive |
| CVE-2026-33570 | Subnet Solutions PowerSYSTEM Center Incorrect Authorization | Subnet Solutions | PowerSYSTEM Center 2020 | Medium | 5.7 | 2026-05-12 20:59:26 | Deep Dive |
| CVE-2026-42196 | django-s3file: Relative path traversal | codingjoe | django-s3file | - | - | 2026-05-12 20:58:03 | Deep Dive |
| CVE-2026-44262🧪 | Scramble: Remote code execution via evaluation of user-controlled input in validation rules | dedoc | scramble | Critical | 9.4 | 2026-05-12 20:56:01 | Deep Dive |
| CVE-2026-44296🧪 | Deskflow: TLS multiplexer DoS on failed `SSL_accept` | deskflow | deskflow | High | 7.5 | 2026-05-12 20:53:00 | Deep Dive |
| CVE-2026-44015 | Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services | 0xJacky | nginx-ui | High | 8.5 | 2026-05-12 20:49:16 | Deep Dive |
| CVE-2026-35555 | Subnet Solutions PowerSYSTEM Center Incorrect Authorization | Subnet Solutions | PowerSYSTEM Center 2024 | Medium | 6.3 | 2026-05-12 20:48:13 | Deep Dive |
| CVE-2026-43948 | wger: cross-tenant password reset and plaintext disclosure via gym=None bypass | wger-project | wger | Critical | 9.9 | 2026-05-12 20:47:24 | Deep Dive |
| CVE-2026-44403 | Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization | Wing FTP Server | Wing FTP Server | High | 7.2 | 2026-05-12 20:43:42 | Deep Dive |
| CVE-2026-44246 | nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet` | MIC-DKFZ | nnUNet | High | 7.2 | 2026-05-12 20:41:32 | Deep Dive |
| CVE-2026-44240 | basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering | patrickjuchli | basic-ftp | High | 7.5 | 2026-05-12 20:37:43 | Deep Dive |
| CVE-2026-44224 | Wiki.js: Privilege Escalation via Missing Group Validation in users.update | requarks | wiki | - | - | 2026-05-12 20:33:53 | Deep Dive |
| CVE-2026-44232 | dssrf: every IPv6 category bypasses is_url_safe | HackingRepo | dssrf-js | - | - | 2026-05-12 20:28:57 | Deep Dive |
| CVE-2025-65088 | Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share | Ashlar-Vellum | Cobalt | - | - | 2026-05-12 20:27:39 | Deep Dive |
| CVE-2025-65087 | Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share | Ashlar-Vellum | Cobalt | - | - | 2026-05-12 20:25:09 | Deep Dive |