| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42509 | Apache Wicket: crafted strings can break out of the JavaScript sequence | Apache Software Foundation | Apache Wicket | - | - | 2026-05-06 08:34:01 | Deep Dive |
| CVE-2026-43646 | Apache Wicket: crafted URLs can bypass PackageResourceGuard | Apache Software Foundation | Apache Wicket | - | - | 2026-05-06 08:31:51 | Deep Dive |
| CVE-2026-43975 | Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager | Apache Software Foundation | Apache Wicket | - | - | 2026-05-06 08:28:28 | Deep Dive |
| CVE-2026-28780 | Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() | Apache Software Foundation | Apache HTTP Server | Medium | - | 2026-05-05 21:29:42 | Deep Dive |
| CVE-2026-7412 | Eclipse BaSyx Java Server SDK code issue vulnerability | Eclipse Foundation | Eclipse BaSyx | High | 8.6 | 2026-05-05 14:15:06 | Deep Dive |
| CVE-2026-7411 | Eclipse BaSyx Java Server SDK path traversal vulnerability | Eclipse Foundation | Eclipse BaSyx | Critical | 10.0 | 2026-05-05 14:07:53 | Deep Dive |
| CVE-2026-29168 | Apache HTTP Server: mod_md unrestricted OCSP response | Apache Software Foundation | Apache HTTP Server | High | - | 2026-05-05 13:10:06 | Deep Dive |
| CVE-2026-6918 | Eclipse OpenJ9 buffer error vulnerability | Eclipse Foundation | Eclipse OpenJ9 | High | - | 2026-05-05 12:29:10 | Deep Dive |
| CVE-2026-43868 | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern | Apache Software Foundation | Apache Thrift | High | - | 2026-05-05 07:49:48 | Deep Dive |
| CVE-2026-43870 | Apache Thrift: Node.js web_server.js multi-vulnerability | Apache Software Foundation | Apache Thrift | High | - | 2026-05-05 07:45:36 | Deep Dive |
| CVE-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification | Apache Software Foundation | Apache Thrift | High | - | 2026-05-05 07:25:49 | Deep Dive |
| CVE-2026-40682 | Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor | Apache Software Foundation | Apache OpenNLP | Medium | - | 2026-05-04 16:55:56 | Deep Dive |
| CVE-2026-42810 | Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names | Apache Software Foundation | Apache Polaris | Critical | 9.9 | 2026-05-04 16:48:50 | Deep Dive |
| CVE-2026-42027 | Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader | Apache Software Foundation | Apache OpenNLP | Medium | - | 2026-05-04 16:43:13 | Deep Dive |
| CVE-2026-42440 | Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader | Apache Software Foundation | Apache OpenNLP | Medium | - | 2026-05-04 16:40:33 | Deep Dive |
| CVE-2026-42811 | Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions | Apache Software Foundation | Apache Polaris | Critical | 9.9 | 2026-05-04 16:37:02 | Deep Dive |
| CVE-2026-42809 | Apache Polaris: staged table creation could vend storage credentials for unvalidated locations | Apache Software Foundation | Apache Polaris | Critical | 9.9 | 2026-05-04 16:22:49 | Deep Dive |
| CVE-2026-42812 | Apache Polaris: No protection on `write.metadata.path` | Apache Software Foundation | Apache Polaris | Critical | 9.9 | 2026-05-04 16:19:56 | Deep Dive |
| CVE-2026-40563 | Apache Atlas: Script injection allows access to unintended data | Apache Software Foundation | Apache Atlas | High | - | 2026-05-04 15:17:33 | Deep Dive |
| CVE-2026-29169 | Apache HTTP Server: mod_dav_lock indirect lock crash | Apache Software Foundation | Apache HTTP Server | High | - | 2026-05-04 14:48:30 | Deep Dive |