| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-8770 | continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal | continuedev | continue | Low | 3.3 | 2026-05-17 23:15:15 | Deep Dive |
| CVE-2026-8769 | vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption | vercel | ai | Medium | 4.3 | 2026-05-17 23:00:14 | Deep Dive |
| CVE-2026-8768 | vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery | vercel | ai | High | 7.3 | 2026-05-17 22:45:10 | Deep Dive |
| CVE-2026-8767 | vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection | vercel | ai | Medium | 5.0 | 2026-05-17 22:30:10 | Deep Dive |
| CVE-2026-8766 | Kilo-Org kilocode Environment Variable config.ts load information disclosure | Kilo-Org | kilocode | Medium | 4.3 | 2026-05-17 22:15:09 | Deep Dive |
| CVE-2026-8765 | Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal | Kilo-Org | kilocode | Medium | 4.3 | 2026-05-17 22:00:13 | Deep Dive |
| CVE-2026-8764🧪 | H3C Magic B3 aspForm UpdateWanParams buffer overflow | H3C | Magic B3 | High | 7.2 | 2026-05-17 21:30:12 | Deep Dive |
| CVE-2026-8721 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs | JONASBN | Crypt::OpenSSL::PKCS12 | - | - | 2026-05-17 18:51:41 | Deep Dive |
| CVE-2026-8507 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws | JONASBN | Crypt::OpenSSL::PKCS12 | - | - | 2026-05-17 18:43:06 | Deep Dive |
| CVE-2026-46720 | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections | RRWO | Net::Statsd::Tiny | - | - | 2026-05-17 17:51:41 | Deep Dive |
| CVE-2026-8759 | xiandafu beetl SpELFunction SpELFunction.java expression language injection | xiandafu | beetl | High | 7.3 | 2026-05-17 14:15:42 | Deep Dive |
| CVE-2026-8758 | Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload | Metasoft 美特软件 | MetaCRM | High | 7.3 | 2026-05-17 13:45:37 | Deep Dive |
| CVE-2026-8757 | adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal | adenhq | hive | High | 7.3 | 2026-05-17 13:15:10 | Deep Dive |
| CVE-2026-8756 | fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal | fishaudio | Bert-VITS2 | High | 7.3 | 2026-05-17 13:00:17 | Deep Dive |
| CVE-2026-8755 | fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal | fishaudio | Bert-VITS2 | High | 7.3 | 2026-05-17 12:45:09 | Deep Dive |
| CVE-2026-8754 | AstrBotDevs AstrBot File Upload chat.py post_file path traversal | AstrBotDevs | AstrBot | Medium | 6.3 | 2026-05-17 12:15:10 | Deep Dive |
| CVE-2018-25334 | Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter | Bylancer | Zechat | Medium | 5.4 | 2026-05-17 12:12:25 | Deep Dive |
| CVE-2018-25339 | Zechat 1.5 SQL Injection via v parameter (time-based blind) | Bylancer | Zechat | High | 8.2 | 2026-05-17 12:11:43 | Deep Dive |
| CVE-2018-25338 | Zechat 1.5 SQL Injection via hashtag parameter | Bylancer | Zechat | High | 8.2 | 2026-05-17 12:11:42 | Deep Dive |
| CVE-2018-25337 | Joomla JoomOCShop 1.0 Cross-Site Request Forgery | Joomlaextensions | Joomla! extension JoomOCShop | Medium | 4.3 | 2026-05-17 12:11:41 | Deep Dive |