| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44850 | Portainer: Bind-mount restriction bypass via HostConfig.Mounts | portainer | portainer | High | 8.5 | 2026-05-28 21:03:17 | Deep Dive |
| CVE-2026-10044 | ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/ | Usagi-org | ai-goofish-monitor | High | 7.5 | 2026-05-28 21:02:21 | Deep Dive |
| CVE-2026-44882 | Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization | portainer | portainer | High | 8.1 | 2026-05-28 21:01:31 | Deep Dive |
| CVE-2026-44883 | Portainer: JWT accepted in URL query leaks tokens to logs and referers | portainer | portainer | - | - | 2026-05-28 20:59:52 | Deep Dive |
| CVE-2026-44884 | Portainer: Missing authorization on custom template file endpoint exposes template content | portainer | portainer | - | - | 2026-05-28 20:58:37 | Deep Dive |
| CVE-2026-44885 | Portainer: Path traversal in backup archive extraction allows arbitrary file write | portainer | portainer | Medium | 5.5 | 2026-05-28 20:56:42 | Deep Dive |
| CVE-2026-45342 | LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes | Kovah | LinkAce | - | - | 2026-05-28 20:47:21 | Deep Dive |
| CVE-2026-45343 | LinkAce - Stored XSS via Unsanitized SSO User's Name Rendered in Admin Audit Log Allows Session Hijacking | Kovah | LinkAce | - | - | 2026-05-28 20:45:52 | Deep Dive |
| CVE-2026-45344 | LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances | Kovah | LinkAce | High | 8.1 | 2026-05-28 20:41:45 | Deep Dive |
| CVE-2026-45366 | typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | universal-tool-calling-protocol | typescript-utcp | Medium | 4.7 | 2026-05-28 20:38:17 | Deep Dive |
| CVE-2026-9646 | ScadaBR Unauthenticated Reflected Cross-Site Scripting | ScadaBR | ScadaBR | Medium | 6.1 | 2026-05-28 20:32:28 | Deep Dive |
| CVE-2026-9645 | ScadaBR Authenticated Remote Code Execution | ScadaBR | ScadaBR | Critical | 9.9 | 2026-05-28 20:30:14 | Deep Dive |
| CVE-2026-42071 | MantisBT: Private Bugnote Attachment Content Leak via REST API | mantisbt | mantisbt | - | - | 2026-05-28 20:29:20 | Deep Dive |
| CVE-2026-42070 | MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API | mantisbt | mantisbt | - | - | 2026-05-28 20:28:20 | Deep Dive |
| CVE-2026-44655 | MantisBT: Stored XSS on Move Attachments Admin Page | mantisbt | mantisbt | - | - | 2026-05-28 20:27:03 | Deep Dive |
| CVE-2026-41897 | MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field | mantisbt | mantisbt | - | - | 2026-05-28 20:26:24 | Deep Dive |
| CVE-2026-44657 | MantisBT: Stored XSS in File Download | mantisbt | mantisbt | - | - | 2026-05-28 20:25:27 | Deep Dive |
| CVE-2026-45288 | Marten has an SQL injection vulnerability in its full-text search regConfig parameter | JasperFx | marten | Critical | 9.8 | 2026-05-28 20:20:11 | Deep Dive |
| CVE-2026-46843 | Oracle REST Data Services Security Vulnerability | Oracle Corporation | Oracle REST Data Services | Medium | 5.3 | 2026-05-28 20:17:18 | Deep Dive |
| CVE-2026-46842 | Oracle REST Data Services Security Vulnerability | Oracle Corporation | Oracle REST Data Services | Medium | 5.3 | 2026-05-28 20:17:18 | Deep Dive |