| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5076 | ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation | armember | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Critical | 9.8 | 2026-06-02 18:30:46 | Deep Dive |
| CVE-2026-10616 | nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization | nextlevelbuilder | GoClaw | Medium | 4.3 | 2026-06-02 18:30:09 | Deep Dive |
| CVE-2026-34993 | AIOHTTP Vulnerable to Deserialization of Untrusted Data | aio-libs | aiohttp | Medium | 6.4 | 2026-06-02 18:29:16 | Deep Dive |
| CVE-2026-42342🧪 | React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint | remix-run | react-router | High | 7.5 | 2026-06-02 18:23:03 | Deep Dive |
| CVE-2025-64390 | PS4固件13.00-13.02特权提升漏洞 | Sony | PS4 | - | - | 2026-06-02 18:20:59 | Deep Dive |
| CVE-2026-42211🧪 | React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE | remix-run | react-router | High | 8.1 | 2026-06-02 18:18:47 | Deep Dive |
| CVE-2026-49120🧪 | Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint | medplum | medplum | High | 8.5 | 2026-06-02 18:05:10 | Deep Dive |
| CVE-2026-10608 | DedeCMS carbuyaction.php RemoveXSS sql injection | - | DedeCMS | High | 7.3 | 2026-06-02 18:00:11 | Deep Dive |
| CVE-2026-40181 | React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation | remix-run | react-router | - | - | 2026-06-02 17:55:10 | Deep Dive |
| CVE-2026-10607🧪 | DedeCMS flink.php dede_htmlspecialchars sql injection | - | DedeCMS | High | 7.3 | 2026-06-02 17:45:05 | Deep Dive |
| CVE-2026-34077🧪 | React Router vulnerable to Denial of Service via reflected user input in single-fetch | remix-run | react-router | High | 7.5 | 2026-06-02 17:31:36 | Deep Dive |
| CVE-2019-25721 | Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service | Dräger | Infinity M300 | Medium | 6.5 | 2026-06-02 17:29:09 | Deep Dive |
| CVE-2026-1829 | Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution | jhorowitz | Content Visibility for Divi Builder | High | 8.8 | 2026-06-02 17:28:25 | Deep Dive |
| CVE-2026-8036 | Local privilege escalation in NI-PAL | NI | NI-PAL | High | 7.1 | 2026-06-02 17:26:19 | Deep Dive |
| CVE-2026-8035 | NULL pointer dereference in NI-PAL | NI | NI-PAL | High | 7.1 | 2026-06-02 17:22:08 | Deep Dive |
| CVE-2026-10702 | JIT miscompilation in the JavaScript Engine: JIT component | Mozilla | Firefox | - | - | 2026-06-02 17:16:01 | Deep Dive |
| CVE-2026-10701 | Incorrect boundary conditions in the Graphics: Text component | Mozilla | Firefox | - | - | 2026-06-02 17:16:00 | Deep Dive |
| CVE-2026-33245🧪 | React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets | remix-run | react-router | High | 8.0 | 2026-06-02 17:14:50 | Deep Dive |
| CVE-2026-41577 | authentik: SAML source does not validate Conditions, timing, or audience on assertions | goauthentik | authentik | - | - | 2026-06-02 17:12:27 | Deep Dive |
| CVE-2026-33244 | React Router has stored XSS via unescaped Location header in prerendered redirect HTML | remix-run | react-router | Medium | 5.4 | 2026-06-02 16:59:31 | Deep Dive |