| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44886 | Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection | leiweibau | Pi.Alert | - | - | 2026-05-27 19:16:56 | Deep Dive |
| CVE-2026-44887 | Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path) | leiweibau | Pi.Alert | Critical | 9.8 | 2026-05-27 19:15:28 | Deep Dive |
| CVE-2026-44888 | Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger) | leiweibau | Pi.Alert | Critical | 9.8 | 2026-05-27 19:14:44 | Deep Dive |
| CVE-2026-45108 | Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow | himmelblau-idm | himmelblau | High | 8.4 | 2026-05-27 18:53:29 | Deep Dive |
| CVE-2026-45102 | OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion | OneUptime | oneuptime | Critical | 9.9 | 2026-05-27 18:50:19 | Deep Dive |
| CVE-2026-45104 | MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY` | MapServer | MapServer | High | 7.5 | 2026-05-27 18:41:39 | Deep Dive |
| CVE-2026-42877 | FacturaScripts: Stored XSS via product reference in sales/purchases | NeoRazorX | facturascripts | Medium | 5.4 | 2026-05-27 18:37:06 | Deep Dive |
| CVE-2026-9759 | NULL Pointer Dereference in Wireshark | Wireshark Foundation | Wireshark | Medium | 5.5 | 2026-05-27 18:33:19 | Deep Dive |
| CVE-2026-47161 | RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserialization | inducer | relate | - | - | 2026-05-27 18:31:55 | Deep Dive |
| CVE-2026-42197 | RELATE Vulnerable to Stored XSS via Unprivileged User Profile | inducer | relate | High | 8.7 | 2026-05-27 18:30:27 | Deep Dive |
| CVE-2026-42879 | FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | NeoRazorX | facturascripts | Medium | 6.3 | 2026-05-27 18:29:47 | Deep Dive |
| CVE-2026-42878 | FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts | NeoRazorX | facturascripts | Medium | 5.3 | 2026-05-27 18:28:06 | Deep Dive |
| CVE-2026-45046 | Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content | safedep | gryph | Medium | 5.5 | 2026-05-27 18:24:23 | Deep Dive |
| CVE-2026-44635 | Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()` | kysely-org | kysely | High | 7.5 | 2026-05-27 18:21:57 | Deep Dive |
| CVE-2026-1402 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | GitLab | Medium | 6.5 | 2026-05-27 17:55:49 | Deep Dive |
| CVE-2026-2601 | Missing Authorization in GitLab | GitLab | GitLab | Medium | 4.3 | 2026-05-27 17:55:39 | Deep Dive |
| CVE-2026-4868 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | GitLab | High | 8.2 | 2026-05-27 17:55:24 | Deep Dive |
| CVE-2026-5296 | Missing Authorization in GitLab | GitLab | GitLab | Medium | 4.3 | 2026-05-27 17:55:19 | Deep Dive |
| CVE-2026-6713🧪 | Incorrect Authorization in GitLab | GitLab | GitLab | Medium | 5.3 | 2026-05-27 17:55:14 | Deep Dive |
| CVE-2026-8716 | Use of Incorrectly-Resolved Name or Reference in GitLab | GitLab | GitLab | Medium | 4.3 | 2026-05-27 17:54:59 | Deep Dive |