| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23545 | WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability | Aruba.it Dev | Aruba HiSpeed Cache | - | - | 2026-02-19 08:26:49 | Deep Dive |
| CVE-2026-25808 | Hollo DMs get leaked and can be seen on Webfinger Browser | fedify-dev | hollo | High | 7.5 | 2026-02-09 21:50:11 | Deep Dive |
| CVE-2026-25575 | NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality | TUM-Dev | NavigaTUM | - | - | 2026-02-04 21:54:38 | Deep Dive |
| CVE-2026-25145 | melange has a path traversal in license-path which allows reading files outside workspace | chainguard-dev | melange | Medium | 5.5 | 2026-02-04 19:32:36 | Deep Dive |
| CVE-2026-25143 | melange affected by potential host command execution via license-check YAML mode patch pipeline | chainguard-dev | melange | High | 7.8 | 2026-02-04 19:32:17 | Deep Dive |
| CVE-2026-24844 | melange pipeline working-directory could allow command injection | chainguard-dev | melange | High | 7.9 | 2026-02-04 19:31:56 | Deep Dive |
| CVE-2026-24843 | melange QEMU runner could write files outside workspace directory | chainguard-dev | melange | High | 8.2 | 2026-02-04 19:31:36 | Deep Dive |
| CVE-2026-25140 | apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams | chainguard-dev | apko | High | 7.5 | 2026-02-04 19:02:21 | Deep Dive |
| CVE-2026-25121 | apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base | chainguard-dev | apko | High | 7.5 | 2026-02-04 19:02:18 | Deep Dive |
| CVE-2026-25122 | apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams | chainguard-dev | apko | Medium | 5.5 | 2026-02-04 19:02:16 | Deep Dive |
| CVE-2026-24998 | WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Hustle | - | - | 2026-02-03 14:08:38 | Deep Dive |
| CVE-2026-1761 | Libsoup: stack-based buffer overflow in libsoup multipart response parsing multipart http response | Red Hat | Red Hat Enterprise Linux 10 | High | 8.6 | 2026-02-02 14:01:04 | Deep Dive |
| CVE-2026-24846 | malcontent's archive extraction could write outside extraction directory | chainguard-dev | malcontent | Medium | 5.5 | 2026-01-29 21:12:19 | Deep Dive |
| CVE-2026-24845 | malcontent's OCI image scanning could expose registry credentials | chainguard-dev | malcontent | Medium | 6.5 | 2026-01-29 21:02:24 | Deep Dive |
| CVE-2025-14969 | Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect | Red Hat | Red Hat build of Quarkus 3.27.2 | Medium | 4.3 | 2026-01-26 19:36:40 | Deep Dive |
| CVE-2025-11065 | Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure | - | - | Medium | 5.3 | 2026-01-26 19:36:29 | Deep Dive |
| CVE-2026-0603 | Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection | - | - | High | 8.3 | 2026-01-23 06:31:39 | Deep Dive |
| CVE-2026-23644 | esm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packages | esm-dev | esm.sh | Medium | - | 2026-01-18 22:49:30 | Deep Dive |
| CVE-2026-23525 | 1panel App Store vulnerable to Cross-site Scripting | 1Panel-dev | 1Panel | Medium | 6.4 | 2026-01-18 22:11:00 | Deep Dive |
| CVE-2025-12548 | Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333 | Red Hat | Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 | Critical | 9.0 | 2026-01-13 15:35:01 | Deep Dive |