| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45610 | WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA | WWBN | AVideo | Medium | 5.7 | 2026-05-29 13:13:09 | Deep Dive |
| CVE-2026-45619 | AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post | WWBN | AVideo | Medium | 6.5 | 2026-05-29 13:11:37 | Deep Dive |
| CVE-2026-45620 | AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration | WWBN | AVideo | Medium | 5.3 | 2026-05-29 13:07:20 | Deep Dive |
| CVE-2026-45731 | WWBN AVideo: Authenticated Arbitrary File Read in view/update.php | WWBN | AVideo | - | - | 2026-05-29 13:05:03 | Deep Dive |
| CVE-2026-46337 | WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` | WWBN | AVideo | - | - | 2026-05-29 13:03:02 | Deep Dive |
| CVE-2026-47694 | WWBN AVideo: Stored XSS via unescaped Gallery category description | WWBN | AVideo | Medium | 5.4 | 2026-05-29 13:00:37 | Deep Dive |
| CVE-2026-47696 | WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint | WWBN | AVideo | - | - | 2026-05-29 12:59:30 | Deep Dive |
| CVE-2026-45555 | Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution | MarcelRoozekrans | roslyn-codelens-mcp | High | 7.8 | 2026-05-29 12:55:00 | Deep Dive |
| CVE-2026-10075 | Interinfo\|DreamMaker - Path Traversal | Interinfo | DreamMaker | Medium | 5.3 | 2026-05-29 12:53:18 | Deep Dive |
| CVE-2026-44237 | FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module | FreePBX | security-reporting | - | - | 2026-05-29 12:46:23 | Deep Dive |
| CVE-2026-10074 | Interinfo\|DreamMaker - Arbitrary File Read | Interinfo | DreamMaker | Medium | 4.9 | 2026-05-29 12:45:46 | Deep Dive |
| CVE-2026-44238 | FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports | FreePBX | security-reporting | - | - | 2026-05-29 12:44:27 | Deep Dive |
| CVE-2026-44239 | FreePBX: Authenticated Local File Inclusion in Dashboard Module | FreePBX | security-reporting | - | - | 2026-05-29 12:42:32 | Deep Dive |
| CVE-2026-49317 | Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot | Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | Low | 2.4 | 2026-05-29 12:42:28 | Deep Dive |
| CVE-2026-46376 | FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface | FreePBX | security-reporting | - | - | 2026-05-29 12:39:58 | Deep Dive |
| CVE-2026-10073 | Interinfo\|DreamMaker - Arbitrary File Read | Interinfo | DreamMaker | High | 7.5 | 2026-05-29 12:39:32 | Deep Dive |
| CVE-2026-49316 | Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown | Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | Medium | 4.6 | 2026-05-29 12:39:23 | Deep Dive |
| CVE-2026-49325 | Indian Scout Bobber 2025 WCM voltage-based shutdown | Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | Medium | 4.6 | 2026-05-29 12:37:42 | Deep Dive |
| CVE-2026-10072 | Interinfo\|DreamMaker - Arbitrary File Upload | Interinfo | DreamMaker | High | 7.2 | 2026-05-29 12:36:10 | Deep Dive |
| CVE-2026-45551 | Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write | Intermesh | groupoffice | - | - | 2026-05-29 12:34:23 | Deep Dive |