| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24751🧪 | Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting | kiteworks | Secure Data Forms | High | 8.2 | 2026-06-01 18:50:08 | Deep Dive |
| CVE-2026-43625 | CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect | steipete | CodexBar | Medium | 5.9 | 2026-06-01 18:46:09 | Deep Dive |
| CVE-2026-10283 | Bottelet DaybydayCRM Setting missing authentication | Bottelet | DaybydayCRM | Medium | 6.3 | 2026-06-01 18:45:13 | Deep Dive |
| CVE-2026-10282 | Bottelet DaybydayCRM DocumentsController.php view improper authorization | Bottelet | DaybydayCRM | Medium | 4.3 | 2026-06-01 18:30:13 | Deep Dive |
| CVE-2026-47294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.0 | 2026-06-01 18:26:43 | Deep Dive |
| CVE-2026-43624 | F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project() | SWivid | F5-TTS | High | 8.2 | 2026-06-01 18:16:10 | Deep Dive |
| CVE-2026-10281🧪 | Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication | Enderfga | claw-orchestrator | High | 7.3 | 2026-06-01 18:15:11 | Deep Dive |
| CVE-2026-23638 | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | kiteworks | Secure Data Forms | Medium | 6.5 | 2026-06-01 18:11:36 | Deep Dive |
| CVE-2026-43623🧪 | microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header() | rxi | microtar | High | 8.8 | 2026-06-01 18:04:14 | Deep Dive |
| CVE-2026-9330 | IBM WebSphere Application Server is affected by remote code execution | IBM | WebSphere Application Server | High | 8.5 | 2026-06-01 18:01:06 | Deep Dive |
| CVE-2026-30963 | Capsule Namespace Hijacking via subresource | projectcapsule | capsule | Low | 3.9 | 2026-06-01 18:00:44 | Deep Dive |
| CVE-2026-10280🧪 | horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery | horizon921 | mcpilot | High | 7.3 | 2026-06-01 18:00:12 | Deep Dive |
| CVE-2026-9319 | IBM WebSphere Application Server is affected by a remote code execution vulnerability | IBM | WebSphere Application Server | Critical | 9.0 | 2026-06-01 17:59:44 | Deep Dive |
| CVE-2026-9614 | Ivanti Neurons for ITSM权限控制漏洞 | Ivanti | Neurons for ITSM (On-Premises) | High | 8.8 | 2026-06-01 17:50:03 | Deep Dive |
| CVE-2026-9311 | IBM WebSphere Application Server is affected by remote code execution | IBM | WebSphere Application Server | Critical | 9.0 | 2026-06-01 17:49:42 | Deep Dive |
| CVE-2026-40990 | Unbounded cache for function definitions | Spring | Spring Cloud Function | Medium | 5.7 | 2026-06-01 17:49:16 | Deep Dive |
| CVE-2026-40989 | Self Routing guard bypassed via function composition | Spring | Spring Cloud Function | Medium | 5.7 | 2026-06-01 17:49:14 | Deep Dive |
| CVE-2026-8644 | IBM WebSphere Application Server is affected by an identity spoofing vulnerability | IBM | WebSphere Application Server | Critical | 9.1 | 2026-06-01 17:46:05 | Deep Dive |
| CVE-2026-10279 | hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pane wezterm_executor.ts os command injection | hiraishikentaro | wezterm-mcp | Medium | 6.3 | 2026-06-01 17:45:07 | Deep Dive |
| CVE-2026-7770 | IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator | IBM | i Access Family | High | 8.8 | 2026-06-01 17:45:01 | Deep Dive |