| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-7368 | Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization | Yarbo | Yarbo Android/iOS mobile application | High | 8.1 | 2026-06-12 14:01:11 | Deep Dive |
| CVE-2026-44893🧪 | Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length | netty | netty | High | 7.5 | 2026-06-12 14:00:26 | Deep Dive |
| CVE-2026-54133🧪 | jmespath.php has CompilerRuntime code injection via unescaped function names | jmespath | jmespath.php | Critical | 9.8 | 2026-06-12 13:56:38 | Deep Dive |
| CVE-2026-53787 | Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload | Amasty | Order Attributes for Magento 2 | Critical | 9.8 | 2026-06-12 13:52:17 | Deep Dive |
| CVE-2026-6853 | OTP Bypass in Başbelen Group's Pause+ Mobile App | Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. | Pause+ Mobile App | Critical | 9.8 | 2026-06-12 13:50:33 | Deep Dive |
| CVE-2026-53722 | Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL | nuxt | nuxt | - | - | 2026-06-12 13:44:15 | Deep Dive |
| CVE-2026-53721 | Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher | nuxt | nuxt | - | - | 2026-06-12 13:41:34 | Deep Dive |
| CVE-2026-11967 | Arbitrary code execution in MobaXterm Personal Edition (Portable) | Mobatek | MobaXterm Personal Edition (Portable) | - | - | 2026-06-12 13:30:11 | Deep Dive |
| CVE-2026-11879 | Arbitrary code execution in MobaXterm Personal Edition (Portable) | Mobatek | MobaXterm Personal Edition (Portable) | - | - | 2026-06-12 13:29:42 | Deep Dive |
| CVE-2026-1836 | Stored credentials in Redmine | Redmine | Redmine | - | - | 2026-06-12 13:23:32 | Deep Dive |
| CVE-2017-20240 | Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks | ARODLAND | Crypt::PBKDF2 | - | - | 2026-06-12 13:19:16 | Deep Dive |
| CVE-2026-12066🧪 | PbootCMS Password MemberController.php retrieve password recovery | - | PbootCMS | High | 7.3 | 2026-06-12 13:00:08 | Deep Dive |
| CVE-2026-47200 | Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` | nuxt | nuxt | - | - | 2026-06-12 12:58:01 | Deep Dive |
| CVE-2026-49993 | @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g) | nuxt | nuxt | - | - | 2026-06-12 12:57:43 | Deep Dive |
| CVE-2026-45669 | Nuxt: Reflected XSS in `navigateTo()` external redirect | nuxt | nuxt | - | - | 2026-06-12 12:51:43 | Deep Dive |
| CVE-2026-45670 | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) | nuxt | nuxt | - | - | 2026-06-12 12:51:16 | Deep Dive |
| CVE-2026-46342 | Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning | nuxt | nuxt | - | - | 2026-06-12 12:50:42 | Deep Dive |
| CVE-2026-12065 | Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme | Groww | Stock, Mutual Fund, Gold App | Low | 1.8 | 2026-06-12 12:30:09 | Deep Dive |
| CVE-2026-49347 | Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown | duck-organization | questbot | - | - | 2026-06-12 11:54:08 | Deep Dive |
| CVE-2026-48485 | Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`. | duck-organization | questbot | - | - | 2026-06-12 11:53:15 | Deep Dive |