| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-9024 | Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x | Dassault Systèmes | DELMIA Service Process Engineer | High | 8.7 | 2026-06-01 08:21:07 | Deep Dive |
| CVE-2026-10240 | JeecgBoot test server-side request forgery | - | JeecgBoot | Medium | 6.3 | 2026-06-01 08:15:09 | Deep Dive |
| CVE-2026-44825 | Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users | Apache Software Foundation | Apache Solr | High | 8.1 | 2026-06-01 08:02:15 | Deep Dive |
| CVE-2026-10239 | JeecgBoot edit WordUtil.addImage server-side request forgery | - | JeecgBoot | Medium | 6.3 | 2026-06-01 08:00:17 | Deep Dive |
| CVE-2026-49361 | Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability | Apache Software Foundation | Apache Fluss (incubating) | - | - | 2026-06-01 07:57:27 | Deep Dive |
| CVE-2026-10517 | Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance | Red Hat | Red Hat Quay 3 | Medium | 5.8 | 2026-06-01 07:56:09 | Deep Dive |
| CVE-2026-40861 | Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:55:38 | Deep Dive |
| CVE-2026-40961 | Apache Airflow: Open Redirect Bypass Vulnerability | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:55:05 | Deep Dive |
| CVE-2026-40963 | Apache Airflow: DAG authorization bypass on /ui/structure/structure_data | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:54:34 | Deep Dive |
| CVE-2026-41014 | Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:53:52 | Deep Dive |
| CVE-2026-49267 | Apache Airflow: No certificate validation on SMTP STARTTLS connections | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:53:13 | Deep Dive |
| CVE-2026-41017 | Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:52:34 | Deep Dive |
| CVE-2026-41084 | Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:51:57 | Deep Dive |
| CVE-2026-42252 | Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:51:19 | Deep Dive |
| CVE-2026-42360 | Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:50:38 | Deep Dive |
| CVE-2026-42358 | Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:49:58 | Deep Dive |
| CVE-2026-42359 | Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:49:17 | Deep Dive |
| CVE-2026-45360 | Apache Airflow: Arbitrary import in custom deadline-reference deserialization | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:48:13 | Deep Dive |
| CVE-2026-8474 | Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances. | StormShield | StormShield Network Security | Medium | 5.3 | 2026-06-01 07:47:55 | Deep Dive |
| CVE-2026-45426 | Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access | Apache Software Foundation | Apache Airflow | - | - | 2026-06-01 07:47:17 | Deep Dive |