| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-47744 | Shopper: Authorization bypass and RBAC privilege escalation in team settings | shopperlabs | shopper | Critical | 9.9 | 2026-05-29 17:58:21 | Deep Dive |
| CVE-2026-47745 | Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables | shopperlabs | shopper | Medium | 6.5 | 2026-05-29 17:55:39 | Deep Dive |
| CVE-2026-44651 | SillyTavern: Reflected XSS vulnerability in the CORS proxy middleware | SillyTavern | SillyTavern | - | - | 2026-05-29 17:49:19 | Deep Dive |
| CVE-2026-44650 | SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | SillyTavern | SillyTavern | Critical | 9.1 | 2026-05-29 17:48:03 | Deep Dive |
| CVE-2026-40425 | MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties | Danelec | MacGregor Voyage Data Recorder (VDR) G4e | Medium | 5.7 | 2026-05-29 17:47:18 | Deep Dive |
| CVE-2026-44648 | SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover | SillyTavern | SillyTavern | High | 7.5 | 2026-05-29 17:46:28 | Deep Dive |
| CVE-2026-44649 | SillyTavern: Authentication Bypass via SSO Header Injection | SillyTavern | SillyTavern | Critical | 9.8 | 2026-05-29 17:45:26 | Deep Dive |
| CVE-2026-42929 | MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials | Danelec | MacGregor Voyage Data Recorder (VDR) G4e | High | 8.3 | 2026-05-29 17:44:49 | Deep Dive |
| CVE-2026-44652 | SillyTavern: SSRF vulnerability in the CORS proxy middleware | SillyTavern | SillyTavern | - | - | 2026-05-29 17:43:07 | Deep Dive |
| CVE-2026-44611 | MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort | Danelec | MacGregor Voyage Data Recorder (VDR) G4e | Medium | 5.4 | 2026-05-29 17:42:16 | Deep Dive |
| CVE-2026-46372 | SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | SillyTavern | SillyTavern | High | 8.5 | 2026-05-29 17:41:58 | Deep Dive |
| CVE-2026-42951 | MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials | Danelec | MacGregor Voyage Data Recorder (VDR) G4e | Medium | 5.4 | 2026-05-29 17:32:11 | Deep Dive |
| CVE-2026-42941 | MacGregor Voyage Data Recorder (VDR) G4e Use of Default Credentials | Danelec | MacGregor Voyage Data Recorder (VDR) G4e | High | 8.3 | 2026-05-29 17:27:29 | Deep Dive |
| CVE-2026-45668 | Trilium Notes: Note Import to RCE via #docName Path Traversal (Safe Import Enabled) | TriliumNext | Trilium | - | - | 2026-05-29 17:18:29 | Deep Dive |
| CVE-2026-44697 | Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload | klever-io | klever-go | High | 8.6 | 2026-05-29 17:14:43 | Deep Dive |
| CVE-2026-7786 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials | Jinan USR IOT Technology Limited (PUSR) | USR-W610 RS232/485 to Wi-Fi/Ethernet Converter | Critical | 9.8 | 2026-05-29 17:11:33 | Deep Dive |
| CVE-2026-45625 | Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs | getarcaneapp | arcane | Critical | 9.9 | 2026-05-29 17:10:57 | Deep Dive |
| CVE-2026-45626 | Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter | getarcaneapp | arcane | Medium | 6.3 | 2026-05-29 17:10:23 | Deep Dive |
| CVE-2026-45627 | Arcane: Unauthenticated reflected XSS via SVG color parameter in /api/app-images/logo enables admin account takeover | getarcaneapp | arcane | High | 8.2 | 2026-05-29 17:08:54 | Deep Dive |
| CVE-2026-47125 | Arcane: Missing admin authorization on global variables endpoint | getarcaneapp | arcane | High | 8.8 | 2026-05-29 17:07:22 | Deep Dive |