| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32250 | NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/ | NamelessMC | Nameless | Medium | 4.3 | 2026-06-02 13:37:13 | Deep Dive |
| CVE-2026-39555 | WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability | Elated-Themes | Askka | High | 8.1 | 2026-06-02 13:34:51 | Deep Dive |
| CVE-2026-9844 | Vulnerability in navify® Digital Pathology | Roche Diagnostics | navify Digital Pathology | - | - | 2026-06-02 13:23:46 | Deep Dive |
| CVE-2026-7313 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity | Progress Software | Sitefinity | High | 8.7 | 2026-06-02 13:09:47 | Deep Dive |
| CVE-2026-7312 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity | Progress Software | Sitefinity | Critical | 10.0 | 2026-06-02 13:09:06 | Deep Dive |
| CVE-2026-7201 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity | Progress Software | Sitefinity | High | 8.8 | 2026-06-02 13:07:37 | Deep Dive |
| CVE-2026-7198 | CWE-284: Improper Access Control in web services in Progress Sitefinity | Progress Software | Sitefinity | Critical | 9.8 | 2026-06-02 13:06:32 | Deep Dive |
| CVE-2026-7195 | CWE-20: Improper Input Validation in web services in Progress Sitefinity | Progress Software | Sitefinity | High | 8.8 | 2026-06-02 13:04:40 | Deep Dive |
| CVE-2026-10611 | OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled | misp | misp | - | - | 2026-06-02 12:48:11 | Deep Dive |
| CVE-2026-39553 | WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability | Select-Themes | WaveRide | High | 8.1 | 2026-06-02 12:41:10 | Deep Dive |
| CVE-2026-39552 | WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability | Code Supply Co. | Blueprint | High | 8.1 | 2026-06-02 12:39:50 | Deep Dive |
| CVE-2026-41918 | RUGGEDCOM RST2428P <V4.0浏览器缓存敏感信息泄露漏洞 | Siemens | RUGGEDCOM RST2428P | Medium | 5.7 | 2026-06-02 12:06:50 | Deep Dive |
| CVE-2026-8993 | Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks | Ditec a.s. | D.Launcher 2 | Medium | 6.5 | 2026-06-02 11:13:40 | Deep Dive |
| CVE-2026-39551 | WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability | Elated-Themes | Töbel | High | 8.1 | 2026-06-02 10:46:57 | Deep Dive |
| CVE-2026-39550 | WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability | Elated-Themes | Aperitif | High | 8.1 | 2026-06-02 10:44:44 | Deep Dive |
| CVE-2026-42685 | WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability | Ahmad | WP Job Portal | High | 7.1 | 2026-06-02 10:43:42 | Deep Dive |
| CVE-2026-42684 | WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability | Ahmad | WP Job Portal | Critical | 9.3 | 2026-06-02 10:42:47 | Deep Dive |
| CVE-2026-42670 | WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability | Etoile Web Design Incorporated | Five Star Restaurant Reservations | - | - | 2026-06-02 10:41:34 | Deep Dive |
| CVE-2026-42669 | WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability | EventPrime | EventPrime | High | 7.5 | 2026-06-02 10:40:24 | Deep Dive |
| CVE-2025-58705 | WordPress Crafti theme <= 1.12 - Local File Inclusion vulnerability | Axiomthemes | Crafti | High | 8.1 | 2026-06-02 10:27:26 | Deep Dive |