| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-29051 | melange has Path Traversal via .PKGINFO in --persist-lint-results | chainguard-dev | melange | Medium | 4.4 | 2026-04-24 00:00:36 | Deep Dive |
| CVE-2026-29050 | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | chainguard-dev | melange | Medium | 6.1 | 2026-04-23 23:58:40 | Deep Dive |
| CVE-2026-41211 | `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME` | voidzero-dev | vite-plus | - | - | 2026-04-23 00:56:16 | Deep Dive |
| CVE-2026-40942 | DSF: Inverted Time Comparison in OIDC JWKS and Token Cache | datasharingframework | dsf | - | - | 2026-04-21 21:09:45 | Deep Dive |
| CVE-2026-40939 | DSF: Missing Session Timeout for OIDC Sessions | datasharingframework | dsf | - | - | 2026-04-21 21:07:11 | Deep Dive |
| CVE-2026-40090 | Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write | zarf-dev | zarf | High | 7.1 | 2026-04-14 23:46:19 | Deep Dive |
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 01:25:11 | Deep Dive |
| CVE-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 01:18:43 | Deep Dive |
| CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | 1Panel-dev | MaxKB | Low | 3.1 | 2026-04-14 01:03:41 | Deep Dive |
| CVE-2026-39424 | MaxKB has CSV Injection in its Application Chat Export Functionality | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:56:57 | Deep Dive |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:28:48 | Deep Dive |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:22:51 | Deep Dive |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-14 00:17:10 | Deep Dive |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-14 00:13:01 | Deep Dive |
| CVE-2026-39418 | MaxKB: SSRF via sandbox network hook bypass | 1Panel-dev | MaxKB | Medium | 5.0 | 2026-04-14 00:08:50 | Deep Dive |
| CVE-2026-39417 | MaxKB: RCE via MCP stdio command injection in workflow engine | 1Panel-dev | MaxKB | Medium | 4.6 | 2026-04-14 00:03:16 | Deep Dive |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-13 09:30:21 | Deep Dive |
| CVE-2026-6108 | 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-12 01:00:20 | Deep Dive |
| CVE-2026-6107 | 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-12 00:45:19 | Deep Dive |
| CVE-2026-6106 | 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-11 22:15:14 | Deep Dive |