| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39958 | oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection | AOSC-Dev | oma | - | - | 2026-04-09 16:28:19 | Deep Dive |
| CVE-2026-39429 | kcp's cache server is accessible without authentication or authorization checks | kcp-dev | kcp | High | 8.2 | 2026-04-08 20:16:04 | Deep Dive |
| CVE-2026-39466 | WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Broken Link Checker | - | - | 2026-04-08 08:30:07 | Deep Dive |
| CVE-2026-5603 | elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection | elgentos | magento2-dev-mcp | Medium | 5.3 | 2026-04-05 22:30:17 | Deep Dive |
| CVE-2026-34824 | Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service | mesop-dev | mesop | High | 7.5 | 2026-04-03 22:41:35 | Deep Dive |
| CVE-2026-33486 | Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents | roadiz | core-bundle-dev-app | Medium | 6.8 | 2026-03-26 17:15:31 | Deep Dive |
| CVE-2019-25586 | Deluge 1.3.15 Denial of Service via URL Field | Dev | Deluge | Medium | 6.2 | 2026-03-22 00:11:08 | Deep Dive |
| CVE-2019-25585 | Deluge 1.3.15 Denial of Service via Webseeds Field | Dev | Deluge | Medium | 6.2 | 2026-03-22 00:11:07 | Deep Dive |
| CVE-2026-33057 | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py | mesop-dev | mesop | Critical | 9.8 | 2026-03-20 07:17:00 | Deep Dive |
| CVE-2026-33054 | Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion | mesop-dev | mesop | Critical | 10.0 | 2026-03-20 06:57:36 | Deep Dive |
| CVE-2026-32409 | WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Forminator | Medium | - | 2026-03-13 11:42:14 | Deep Dive |
| CVE-2026-28433 | Misskey lacks resource ownership validation | misskey-dev | misskey | - | - | 2026-03-09 21:21:06 | Deep Dive |
| CVE-2026-28432 | HTTP signature verification can be bypassed | misskey-dev | misskey | - | - | 2026-03-09 21:19:43 | Deep Dive |
| CVE-2026-28431 | Misskey lacks proper authorization checks and input validation | misskey-dev | misskey | - | - | 2026-03-09 21:17:33 | Deep Dive |
| CVE-2026-29064 | Zarf: Symlink targets in archives are not validated against destination directory | zarf-dev | zarf | High | 8.2 | 2026-03-06 16:13:18 | Deep Dive |
| CVE-2026-29049 | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI | chainguard-dev | melange | Medium | 4.3 | 2026-03-06 07:03:10 | Deep Dive |
| CVE-2026-28407 | malcontent's nested archive extraction failure can drop content from scan inputs | chainguard-dev | malcontent | Medium | - | 2026-02-27 21:28:06 | Deep Dive |
| CVE-2026-28211 | Arbitrary code execution in log reader via untrusted log file | CyrilleB79 | NVDA-Dev-Test-Toolbox | High | 7.8 | 2026-02-26 22:29:36 | Deep Dive |
| CVE-2026-27730 | esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route | esm-dev | esm.sh | - | - | 2026-02-25 15:37:02 | Deep Dive |
| CVE-2025-50180 | esm.sh is vulnerable to full-response SSRF | esm-dev | esm.sh | - | - | 2026-02-25 15:32:56 | Deep Dive |