| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-47327 | NULL pointer dereference in Ubuntu Linux AppArmor notification handling | Canonical | Ubuntu Linux | Low | 3.3 | 2026-05-28 18:27:21 |
| CVE-2026-47326 | Memory leak in Ubuntu Linux AppArmor large notification response allocation | Canonical | Ubuntu Linux | Medium | 5.5 | 2026-05-28 18:26:58 |
| CVE-2026-45332 | Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint | marcantondahmen | automad | High | 7.5 | 2026-05-28 18:22:12 |
| CVE-2026-4944 | Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control | vllm-project | vllm-project/vllm | - | - | 2026-05-28 18:04:05 |
| CVE-2026-43979 | Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`) | LearningCircuit | local-deep-research | Medium | 5.0 | 2026-05-28 17:59:19 |
| CVE-2026-46526 | Local Deep Research: SSRF bypass in `safe_get` | LearningCircuit | local-deep-research | Medium | 5.0 | 2026-05-28 17:58:23 |
| CVE-2026-46509 | deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ranfdev | deepobj | High | 8.2 | 2026-05-28 17:52:52 |
| CVE-2026-43898 | SandboxJS: Sandbox escape via Function.caller leakage of internal call op | nyariv | SandboxJS | Critical | 10.0 | 2026-05-28 17:50:32 |
| CVE-2026-45307 | Speakr: Open redirect in is_safe_url via parser mismatch on next parameter | murtaza-nasir | speakr | Medium | 6.1 | 2026-05-28 17:47:22 |
| CVE-2026-45021 | Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin | kumahq | kuma | - | - | 2026-05-28 17:45:14 |
| CVE-2026-45311 | CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval | Hmbown | CodeWhale | Critical | 9.6 | 2026-05-28 17:32:27 |
| CVE-2026-45310 | CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool | Hmbown | CodeWhale | High | 7.4 | 2026-05-28 17:30:10 |
| CVE-2026-45373 | CodeWhale: SSRF IPV6 bypass | Hmbown | CodeWhale | High | 7.4 | 2026-05-28 17:27:59 |
| CVE-2026-45374 | CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files | Hmbown | CodeWhale | Critical | 9.6 | 2026-05-28 17:26:43 |
| CVE-2026-45058 | electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark | electerm | electerm | - | - | 2026-05-28 17:20:42 |
| CVE-2026-45353 | electerm: Local code through electerm's single-instance socket | electerm | electerm | - | - | 2026-05-28 17:19:17 |
| CVE-2026-45787 | electerm's encrypt method not safe enough | electerm | electerm | - | - | 2026-05-28 17:17:56 |
| CVE-2026-45306 | pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory | pyload | pyload | Medium | 6.5 | 2026-05-28 17:13:00 |
| CVE-2026-45348 | pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal | pyload | pyload | High | 8.7 | 2026-05-28 17:12:20 |
| CVE-2026-46561 | pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API | pyload | pyload | Medium | 5.0 | 2026-05-28 17:11:29 |