| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44577 | Next.js: Denial of Service in the Image Optimization API | vercel | next.js | Medium | 5.9 | 2026-05-13 17:00:03 | Deep Dive |
| CVE-2026-44576 | Next.js: Cache poisoning in React Server Component responses | vercel | next.js | Medium | 5.4 | 2026-05-13 16:57:11 | Deep Dive |
| CVE-2026-44574 | Next.js: Middleware / Proxy bypass through dynamic route parameter injection | vercel | next.js | High | 8.1 | 2026-05-13 16:56:06 | Deep Dive |
| CVE-2026-44575 | Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes | vercel | next.js | High | 7.5 | 2026-05-13 16:54:39 | Deep Dive |
| CVE-2026-44573 | Next.js: Middleware / Proxy bypass in Pages Router applications using i18n | vercel | next.js | High | 7.5 | 2026-05-13 16:48:16 | Deep Dive |
| CVE-2026-2695 | Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises) | TeamViewer | DEX (On-Premises) | Medium | 6.3 | 2026-05-13 16:09:09 | Deep Dive |
| CVE-2026-44572 | Next.js: Middleware / Proxy redirects can be cache-poisoned | vercel | next.js | Low | 3.7 | 2026-05-13 15:57:16 | Deep Dive |
| CVE-2025-32425 | AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS | Significant-Gravitas | AutoGPT | - | - | 2026-05-13 15:55:03 | Deep Dive |
| CVE-2026-45028 | Astro: Server island encrypted parameters vulnerable to cross-component replay | withastro | astro | - | - | 2026-05-13 15:50:50 | Deep Dive |
| CVE-2026-45033 | GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor | github | copilot-cli | - | - | 2026-05-13 15:45:27 | Deep Dive |
| CVE-2026-44470 | Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService | anthropics | claude-code | - | - | 2026-05-13 15:41:48 | Deep Dive |
| CVE-2026-44467 | Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions | anthropics | claude-code | - | - | 2026-05-13 15:40:42 | Deep Dive |
| CVE-2026-44479 | Vercel: Non-interactive mode includes CLI arguments in suggested command output | vercel | vercel | Medium | 5.5 | 2026-05-13 15:36:37 | Deep Dive |
| CVE-2026-44664 | fast-xml-builder: Comment Value bypass regex | NaturalIntelligence | fast-xml-builder | Medium | 6.1 | 2026-05-13 15:27:35 | Deep Dive |
| CVE-2026-44665 | fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes | NaturalIntelligence | fast-xml-builder | Medium | 6.1 | 2026-05-13 15:24:55 | Deep Dive |
| CVE-2026-44431 | urllib3: Sensitive headers forwarded across origins in proxied low-level redirects | urllib3 | urllib3 | - | - | 2026-05-13 15:20:25 | Deep Dive |
| CVE-2026-44432 | urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API | urllib3 | urllib3 | - | - | 2026-05-13 15:17:13 | Deep Dive |
| CVE-2026-42266 | jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request. | jupyterlab | jupyterlab | High | 8.8 | 2026-05-13 15:08:50 | Deep Dive |
| CVE-2026-43489 | liveupdate: luo_file: remember retrieve() status | Linux | Linux | - | - | 2026-05-13 15:08:34 | Deep Dive |
| CVE-2026-43487 | ata: libata-core: Disable LPM on ST1000DM010-2EP102 | Linux | Linux | - | - | 2026-05-13 15:08:33 | Deep Dive |