| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45727 | CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion | CloakHQ | CloakBrowser | - | - | 2026-06-01 17:23:50 | Deep Dive |
| CVE-2026-45302 | Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names | milamer | parse-nested-form-data | High | 8.2 | 2026-06-01 17:20:35 | Deep Dive |
| CVE-2026-45729 | ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input | thorvg | thorvg | Medium | 4.3 | 2026-06-01 17:18:36 | Deep Dive |
| CVE-2024-52011 | launch-editor vulnerable to command injection via the crafted request on Windows | vitejs | launch-editor | - | - | 2026-06-01 17:17:44 | Deep Dive |
| CVE-2026-10277 | j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control | j3k0 | mcp-google-workspace | Medium | 6.3 | 2026-06-01 17:15:10 | Deep Dive |
| CVE-2026-45810 | Nextcloud: Propfind requests for file comments allowed to load comments for other files | nextcloud | security-advisories | Medium | 6.8 | 2026-06-01 17:13:22 | Deep Dive |
| CVE-2026-45722 | Nextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views | nextcloud | security-advisories | High | 7.1 | 2026-06-01 17:11:15 | Deep Dive |
| CVE-2026-45691 | Nextcloud: Bypass of second factor authentication on DAV endpoints | nextcloud | security-advisories | Medium | 5.9 | 2026-06-01 17:09:48 | Deep Dive |
| CVE-2026-49121 | AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization | ROCm | aiter | High | 8.1 | 2026-06-01 17:09:19 | Deep Dive |
| CVE-2026-45690 | Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay | nextcloud | security-advisories | Medium | 5.9 | 2026-06-01 17:08:05 | Deep Dive |
| CVE-2026-45545 | Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution | nextcloud | security-advisories | High | 8.2 | 2026-06-01 17:05:18 | Deep Dive |
| CVE-2026-45544 | Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 17:03:07 | Deep Dive |
| CVE-2026-45543 | Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share | nextcloud | security-advisories | Medium | 5.3 | 2026-06-01 17:00:49 | Deep Dive |
| CVE-2026-10276 | hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery | hekmon8 | Jenkins-server-mcp | Medium | 6.3 | 2026-06-01 17:00:11 | Deep Dive |
| CVE-2026-45286 | Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint | nextcloud | security-advisories | Medium | 4.3 | 2026-06-01 16:59:37 | Deep Dive |
| CVE-2026-45284 | Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate | nextcloud | security-advisories | Medium | 4.6 | 2026-06-01 16:57:56 | Deep Dive |
| CVE-2026-45285 | Nextcloud: Hidden Public Link creation when sharing to a Team External Member | nextcloud | security-advisories | Medium | 6.4 | 2026-06-01 16:57:50 | Deep Dive |
| CVE-2026-45283 | Nextcloud: Files Lock app allows users to lock and unlock files of other users | nextcloud | security-advisories | Medium | 6.3 | 2026-06-01 16:53:51 | Deep Dive |
| CVE-2026-45282 | Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access | nextcloud | security-advisories | Medium | 6.5 | 2026-06-01 16:53:19 | Deep Dive |
| CVE-2026-45281 | Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update | nextcloud | security-advisories | High | 8.1 | 2026-06-01 16:52:57 | Deep Dive |