| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-10069 | Shibby Tomato miniupnpd resource consumption | Shibby | Tomato | High | 7.5 | 2026-05-29 16:00:12 | Deep Dive |
| CVE-2026-10099 | XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py | XX-net | XX-Net | Medium | 4.0 | 2026-05-29 15:58:24 | Deep Dive |
| CVE-2026-10068 | Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery | Shibby | Tomato | High | 7.3 | 2026-05-29 15:45:11 | Deep Dive |
| CVE-2026-44962 | Plesk 安全漏洞 | WebPros | Plesk | Critical | 9.9 | 2026-05-29 15:41:24 | Deep Dive |
| CVE-2026-10067 | Shibby Tomato multimon.cgi sub_90F0 stack-based overflow | Shibby | Tomato | High | 8.8 | 2026-05-29 15:30:15 | Deep Dive |
| CVE-2026-10101 | Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents to namespace view users | Red Hat | Multicluster Engine for Kubernetes | Medium | 6.3 | 2026-05-29 15:23:01 | Deep Dive |
| CVE-2026-10066 | Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow | Shibby | Tomato | High | 8.8 | 2026-05-29 15:15:12 | Deep Dive |
| CVE-2026-48501 | GitHub CLI tokens leak via `gh attestation` commands | cli | cli | High | 7.4 | 2026-05-29 15:14:55 | Deep Dive |
| CVE-2026-33386 | XSS in QuickCMS | OpenSolution | QuickCMS | - | - | 2026-05-29 15:12:21 | Deep Dive |
| CVE-2026-33384 | Session Fixation in QuickCMS | OpenSolution | QuickCMS | - | - | 2026-05-29 15:12:14 | Deep Dive |
| CVE-2026-35674 | OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send Route | OpenClaw | OpenClaw | High | 8.8 | 2026-05-29 15:11:30 | Deep Dive |
| CVE-2026-35673 | OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes | OpenClaw | OpenClaw | Medium | 6.5 | 2026-05-29 15:11:04 | Deep Dive |
| CVE-2026-35630 | OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons | OpenClaw | OpenClaw | High | 8.0 | 2026-05-29 15:10:31 | Deep Dive |
| CVE-2026-34507 | OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-29 15:09:57 | Deep Dive |
| CVE-2026-32906 | OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate | OpenClaw | OpenClaw | Medium | 4.3 | 2026-05-29 15:09:31 | Deep Dive |
| CVE-2026-32905 | OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command | OpenClaw | OpenClaw | High | 8.3 | 2026-05-29 15:09:03 | Deep Dive |
| CVE-2026-10065 | Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow | Shibby | Tomato | High | 8.8 | 2026-05-29 15:00:18 | Deep Dive |
| CVE-2018-25404 | The Open ISES Project 3.30A SQL Injection via add_facnote.php | Open ISES | Open ISES Project | High | 8.2 | 2026-05-29 14:46:44 | Deep Dive |
| CVE-2018-25402 | The Open ISES Project 3.30A SQL Injection via inc_types_graph.php | Open ISES | Open ISES Project | High | 8.2 | 2026-05-29 14:46:43 | Deep Dive |
| CVE-2018-25403 | The Open ISES Project 3.30A SQL Injection via city_graph.php | Open ISES | Open ISES Project | High | 8.2 | 2026-05-29 14:46:43 | Deep Dive |