| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-46111 | Bluetooth: hci_conn: fix potential UAF in create_big_sync | Linux | Linux | High | 7.8 | 2026-05-28 09:35:20 | Deep Dive |
| CVE-2026-46110 | net: stmmac: Prevent NULL deref when RX memory exhausted | Linux | Linux | High | 7.5 | 2026-05-28 09:35:18 | Deep Dive |
| CVE-2026-46109 | usb: ulpi: fix memory leak on ulpi_register() error paths | Linux | Linux | - | - | 2026-05-28 09:35:16 | Deep Dive |
| CVE-2026-46108 | ipmi:si: Return state to normal if message allocation fails | Linux | Linux | - | - | 2026-05-28 09:35:15 | Deep Dive |
| CVE-2026-46107 | dm-thin: fix metadata refcount underflow | Linux | Linux | High | 7.8 | 2026-05-28 09:35:13 | Deep Dive |
| CVE-2026-46106 | eventfs: Hold eventfs_mutex and SRCU when remount walks events | Linux | Linux | - | - | 2026-05-28 09:35:11 | Deep Dive |
| CVE-2026-46105 | scsi: mpt3sas: Limit NVMe request size to 2 MiB | Linux | Linux | High | 7.8 | 2026-05-28 09:35:09 | Deep Dive |
| CVE-2026-46104 | selinux: use sk blob accessor in socket permission helpers | Linux | Linux | - | - | 2026-05-28 09:35:07 | Deep Dive |
| CVE-2026-9813 | FlowIntel external reference URL probe allows server-side request forgery | flowintel | flowintel | - | - | 2026-05-28 09:27:26 | Deep Dive |
| CVE-2026-47074 | ex_aws_sns SigningCertURL not validated in verify_message/1 | ex-aws | ex_aws_sns | - | - | 2026-05-28 09:05:55 | Deep Dive |
| CVE-2026-4377 | Use of Weak Credentials in D-Link DWR-X1820 router | D-Link Corporation | DWR-X1820 | - | - | 2026-05-28 09:02:45 | Deep Dive |
| CVE-2025-48977 | Apache Ignite: REST HTTP arbitrary file read vulnerability | Apache Software Foundation | Apache Ignite | - | - | 2026-05-28 08:58:07 | Deep Dive |
| CVE-2026-4334 | Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting | 3uu | Shariff Wrapper | Medium | 6.4 | 2026-05-28 08:27:39 | Deep Dive |
| CVE-2026-6226 | Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection | shabti | Frontend Admin by DynamiApps | High | 8.8 | 2026-05-28 08:27:38 | Deep Dive |
| CVE-2024-47097 | Reflected Cross-Site Scripting in Follet School Solutions Destiny | Follet School Solutions | Destiny | - | - | 2026-05-28 08:25:57 | Deep Dive |
| CVE-2024-47096 | Reflected Cross-Site Scripting in Follet School Solutions Destiny | Follet School Solutions | Destiny | - | - | 2026-05-28 08:25:47 | Deep Dive |
| CVE-2026-9804 | Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read | Red Hat | Red Hat OpenShift Virtualization 4 | High | 7.7 | 2026-05-28 08:15:40 | Deep Dive |
| CVE-2026-6937 | Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2026-05-28 07:43:44 | Deep Dive |
| CVE-2026-7048 | Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute | 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | Medium | 6.5 | 2026-05-28 07:43:43 | Deep Dive |
| CVE-2026-9015 | Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX Action | equalizedigital | Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance | Medium | 4.3 | 2026-05-28 07:43:43 | Deep Dive |