| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-46416 | Microsoft UFO shared WebSocket handler state causes cross-client response hijacking | microsoft | UFO | Medium | 6.3 | 2026-05-27 21:56:14 | Deep Dive |
| CVE-2026-46414 | Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking | microsoft | UFO | High | 8.8 | 2026-05-27 21:54:52 | Deep Dive |
| CVE-2026-46402 | Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory | microsoft | UFO | High | 8.1 | 2026-05-27 21:54:07 | Deep Dive |
| CVE-2026-46544 | Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters | microsoft | UFO | Medium | 5.3 | 2026-05-27 21:53:11 | Deep Dive |
| CVE-2026-9739 | Google MCP Toolbox for Databases security vulnerability | | MCP Toolbox for Databases | - | - | 2026-05-27 21:38:56 | Deep Dive |
| CVE-2026-45322 | OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON | microsoft | UFO | High | 7.8 | 2026-05-27 21:32:50 | Deep Dive |
| CVE-2026-45152 | uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution | uniget-org | cli | High | 7.8 | 2026-05-27 21:05:01 | Deep Dive |
| CVE-2026-44720 | OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover | th30d4y | OpenLearnX | - | - | 2026-05-27 21:02:30 | Deep Dive |
| CVE-2026-45083 | Goobi viewer: Unauthenticated Solr Streaming Expression Proxy | intranda | goobi-viewer-core | Critical | 9.8 | 2026-05-27 21:00:52 | Deep Dive |
| CVE-2026-9208 | Tanium addressed an unauthorized code execution vulnerability in Connect. | Tanium | Connect | High | 8.8 | 2026-05-27 20:59:43 | Deep Dive |
| CVE-2026-44247 | Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size | volcano-sh | volcano | Medium | 6.8 | 2026-05-27 20:56:47 | Deep Dive |
| CVE-2026-45137 | Anchor: Program<'info, System> is not properly validated | solana-foundation | anchor | High | 8.2 | 2026-05-27 20:52:23 | Deep Dive |
| CVE-2026-45136 | claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh | cnighswonger | claude-code-cache-fix | - | - | 2026-05-27 20:48:22 | Deep Dive |
| CVE-2026-44660 | UltraJSON: Memory Leak in ujson.dump() on Write Failure | ultrajson | ultrajson | - | - | 2026-05-27 20:43:00 | Deep Dive |
| CVE-2026-44712 | pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent | mcdope | pam_usb | High | 8.2 | 2026-05-27 20:24:23 | Deep Dive |
| CVE-2026-44709 | pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution | mcdope | pam_usb | High | 7.8 | 2026-05-27 20:20:53 | Deep Dive |
| CVE-2026-44710 | pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service | mcdope | pam_usb | Medium | 4.6 | 2026-05-27 20:19:35 | Deep Dive |
| CVE-2026-44711 | pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption | mcdope | pam_usb | High | 7.9 | 2026-05-27 20:18:46 | Deep Dive |
| CVE-2026-21785 | HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy | HCLSoftware | BigFix Remote Control Server | Medium | 4.0 | 2026-05-27 20:15:56 | Deep Dive |
| CVE-2026-44713 | pam_usb: Command injection via $TMUX environment variable leads to RCE as root | mcdope | pam_usb | High | 8.8 | 2026-05-27 20:13:13 | Deep Dive |