| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45701 | Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens | sulu | sulu | - | - | 2026-06-01 16:09:21 | Deep Dive |
| CVE-2026-44740 | go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion | go-git | go-billy | Medium | 6.5 | 2026-06-01 16:04:50 | Deep Dive |
| CVE-2026-44211 | Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability | cline | cline | Critical | 9.6 | 2026-06-01 16:01:56 | Deep Dive |
| CVE-2026-10272 | a4m4 Student-Management-System deleteform.php improper authorization | a4m4 | Student-Management-System | Medium | 6.5 | 2026-06-01 16:00:09 | Deep Dive |
| CVE-2022-4991 | Tychon is vulnerable to privilege escalation due to OPENSSLDIR location | Tychon | Tychon | - | - | 2026-06-01 15:49:12 | Deep Dive |
| CVE-2026-10271 | a4m4 Student-Management-System Admin Endpoint admin redirect | a4m4 | Student-Management-System | Medium | 6.3 | 2026-06-01 15:45:07 | Deep Dive |
| CVE-2026-10118 | Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication | Red Hat | Red Hat Enterprise Linux 10 | High | 7.8 | 2026-06-01 15:33:40 | Deep Dive |
| CVE-2026-10270 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow | D-Link | DI-7001 MINI | High | 8.8 | 2026-06-01 15:30:11 | Deep Dive |
| CVE-2026-42671 | WordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerability | Paolo | GeoDirectory | Medium | 6.5 | 2026-06-01 15:28:46 | Deep Dive |
| CVE-2026-42672 | WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability | Wp Directory Kit | WP Directory Kit | Critical | 9.3 | 2026-06-01 15:27:47 | Deep Dive |
| CVE-2026-42673 | WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability | Logtivity Activity Logs | Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | High | 7.5 | 2026-06-01 15:24:05 | Deep Dive |
| CVE-2026-42674 | WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability | AAM Plugin | Advanced Access Manager | High | 7.5 | 2026-06-01 15:22:10 | Deep Dive |
| CVE-2026-42675 | WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability | Themefic | Hydra Booking | High | 7.3 | 2026-06-01 15:18:42 | Deep Dive |
| CVE-2026-42676 | WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability | myCred | myCred | Medium | 6.5 | 2026-06-01 15:17:54 | Deep Dive |
| CVE-2026-42677 | WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability | Ben Balter | WP Document Revisions | High | 7.5 | 2026-06-01 15:16:18 | Deep Dive |
| CVE-2026-10269 | decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization | decolua | 9router | Medium | 6.3 | 2026-06-01 15:15:10 | Deep Dive |
| CVE-2026-42678 | WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability | Liquid Web / StellarWP | GiveWP | High | 7.1 | 2026-06-01 15:14:24 | Deep Dive |
| CVE-2026-42679 | WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability | Mamunur Rashid | Classified Listing | Medium | 6.5 | 2026-06-01 15:13:24 | Deep Dive |
| CVE-2026-8643 | pip can extract console_scripts and gui_scripts outside installation directory | Python Packaging Authority | pip | 高危 | - | 2026-06-01 15:01:32 | Deep Dive |
| CVE-2026-10268 | janet-lang janet marsh.c unmarshal_one_fiber integer overflow | janet-lang | janet | Low | 3.3 | 2026-06-01 15:00:13 | Deep Dive |