| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22872 | Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability | projectcapsule | capsule | - | - | 2026-06-01 17:42:38 | Deep Dive |
| CVE-2026-0072 | Android InputMethodManagerService权限检查缺失致提权 | Android XR | - | - | 2026-06-01 17:38:48 | Deep Dive | |
| CVE-2026-41013 | Tenant-controlled comma smuggles arbitrary CIFS mount options | CloudFoundry Foundation | smb-volume-release | - | - | 2026-06-01 17:36:48 | Deep Dive |
| CVE-2026-43958 | Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service | Red Hat | Red Hat Enterprise Linux 10 | High | 7.8 | 2026-06-01 17:34:17 | Deep Dive |
| CVE-2026-10278 | ishayoyo excel-mcp read_file/write_file index.ts path traversal | ishayoyo | excel-mcp | Medium | 6.3 | 2026-06-01 17:30:10 | Deep Dive |
| CVE-2026-45727 | CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion | CloakHQ | CloakBrowser | - | - | 2026-06-01 17:23:50 | Deep Dive |
| CVE-2026-45302🧪 | Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names | milamer | parse-nested-form-data | High | 8.2 | 2026-06-01 17:20:35 | Deep Dive |
| CVE-2026-45729 | ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input | thorvg | thorvg | Medium | 4.3 | 2026-06-01 17:18:36 | Deep Dive |
| CVE-2024-52011 | launch-editor vulnerable to command injection via the crafted request on Windows | vitejs | launch-editor | - | - | 2026-06-01 17:17:44 | Deep Dive |
| CVE-2026-10277 | j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control | j3k0 | mcp-google-workspace | Medium | 6.3 | 2026-06-01 17:15:10 | Deep Dive |
| CVE-2026-45810 | Nextcloud: Propfind requests for file comments allowed to load comments for other files | nextcloud | security-advisories | Medium | 6.8 | 2026-06-01 17:13:22 | Deep Dive |
| CVE-2026-45722🧪 | Nextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views | nextcloud | security-advisories | High | 7.1 | 2026-06-01 17:11:15 | Deep Dive |
| CVE-2026-45691 | Nextcloud: Bypass of second factor authentication on DAV endpoints | nextcloud | security-advisories | Medium | 5.9 | 2026-06-01 17:09:48 | Deep Dive |
| CVE-2026-49121🧪 | AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization | ROCm | aiter | High | 8.1 | 2026-06-01 17:09:19 | Deep Dive |
| CVE-2026-45690 | Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay | nextcloud | security-advisories | Medium | 5.9 | 2026-06-01 17:08:05 | Deep Dive |
| CVE-2026-45545🧪 | Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution | nextcloud | security-advisories | High | 8.2 | 2026-06-01 17:05:18 | Deep Dive |
| CVE-2026-45544 | Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 17:03:07 | Deep Dive |
| CVE-2026-45543 | Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share | nextcloud | security-advisories | Medium | 5.3 | 2026-06-01 17:00:49 | Deep Dive |
| CVE-2026-10276 | hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery | hekmon8 | Jenkins-server-mcp | Medium | 6.3 | 2026-06-01 17:00:11 | Deep Dive |
| CVE-2026-45286 | Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 16:59:37 | Deep Dive |