| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-47179 | Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane | getarcaneapp | arcane | High | 7.7 | 2026-05-29 17:06:34 | Deep Dive |
| CVE-2026-5768 | Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function | Fourth Frontier | Frontier X Android application | High | 8.8 | 2026-05-29 16:58:02 | Deep Dive |
| CVE-2026-45577 | Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass | markmhendrickson | neotoma | - | - | 2026-05-29 16:53:33 | Deep Dive |
| CVE-2026-10108 | xiaomusic 0.5.7 Path Traversal via GET /music endpoint | hanxi | xiaomusic | High | 7.5 | 2026-05-29 16:51:41 | Deep Dive |
| CVE-2026-45660 | Statamic: Server-Side Request Forgery via Glide | statamic | cms | Medium | 5.4 | 2026-05-29 16:43:34 | Deep Dive |
| CVE-2026-10107 | MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint | jxxghp | MoviePilot | High | 7.7 | 2026-05-29 16:41:25 | Deep Dive |
| CVE-2026-6824 | CP Plus 8 Ch. Network Video Recorder Cross-site Scripting | CP Plus | CP-UNR-108F1 Hardware | High | 8.4 | 2026-05-29 16:41:05 | Deep Dive |
| CVE-2026-45629 | Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint | Dokploy | dokploy | Critical | 9.9 | 2026-05-29 16:41:00 | Deep Dive |
| CVE-2026-43917 | Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation | Dokploy | dokploy | - | - | 2026-05-29 16:40:06 | Deep Dive |
| CVE-2026-45628 | Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline | Dokploy | dokploy | Critical | 9.6 | 2026-05-29 16:33:24 | Deep Dive |
| CVE-2026-5386 | KMW CCTV Security Cameras Unverified Password Change | KMW | KM-IP521 | Critical | 9.1 | 2026-05-29 16:25:17 | Deep Dive |
| CVE-2026-10105 | agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata() | agno-agi | agno | High | 8.3 | 2026-05-29 16:18:20 | Deep Dive |
| CVE-2026-45630 | Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement | Dokploy | dokploy | Critical | 9.0 | 2026-05-29 16:15:36 | Deep Dive |
| CVE-2026-10070 | macrozheng mall Super Admin Password update improper authorization | macrozheng | mall | Medium | 4.7 | 2026-05-29 16:15:07 | Deep Dive |
| CVE-2026-45631 | Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret | Dokploy | dokploy | Critical | 10.0 | 2026-05-29 16:14:00 | Deep Dive |
| CVE-2026-45632 | Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution | Dokploy | dokploy | Critical | 9.9 | 2026-05-29 16:11:19 | Deep Dive |
| CVE-2026-45633 | Dokploy: Command Injection in /docker-container-logs Endpoint | Dokploy | dokploy | Critical | 9.9 | 2026-05-29 16:10:20 | Deep Dive |
| CVE-2026-45661 | Dokploy: Remote Code Execution through Path Traversal | Dokploy | dokploy | Critical | 9.9 | 2026-05-29 16:07:54 | Deep Dive |
| CVE-2026-45662 | Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion) | Dokploy | dokploy | High | 8.8 | 2026-05-29 16:04:51 | Deep Dive |
| CVE-2026-45663 | Dokploy: Remote Code Execution via destinationPath in Container File Upload | Dokploy | dokploy | Critical | 9.9 | 2026-05-29 16:03:23 | Deep Dive |