| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44794 | Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference | nautobot | nautobot | Medium | 5.4 | 2026-05-28 17:01:21 | Deep Dive |
| CVE-2026-44796 | Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS) | nautobot | nautobot | Medium | 6.5 | 2026-05-28 17:00:07 | Deep Dive |
| CVE-2026-44797 | Nautobot: Webhook definitions could be used for server-side request forgery (SSRF) | nautobot | nautobot | High | 8.5 | 2026-05-28 16:59:06 | Deep Dive |
| CVE-2026-44798 | Nautobot: GitRepository.current_head field should not be writable through REST API | nautobot | nautobot | High | 7.1 | 2026-05-28 16:57:46 | Deep Dive |
| CVE-2026-45323 | MeshCore Card: XSS vulnerability through meshcore node name | jpettitt | meshcore-card | Critical | 9.6 | 2026-05-28 16:54:33 | Deep Dive |
| CVE-2026-45296 | OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant binding | openreplay | openreplay | High | 7.7 | 2026-05-28 16:51:47 | Deep Dive |
| CVE-2026-45297 | Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch | openreplay | openreplay | - | - | 2026-05-28 16:50:39 | Deep Dive |
| CVE-2026-34126 | Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C | TP-Link Systems Inc. | Tapo L535E v1.0, v3.0 | - | - | 2026-05-28 16:47:16 | Deep Dive |
| CVE-2026-44543 | Local Path Provisioner: HelperPod Template Injection | rancher | local-path-provisioner | High | 8.7 | 2026-05-28 16:41:36 | Deep Dive |
| CVE-2026-45292 | opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation | open-telemetry | opentelemetry-java | Medium | 5.3 | 2026-05-28 16:37:29 | Deep Dive |
| CVE-2026-9098 | CVE-2026-9098 | Casdoor | Casdoor | - | - | 2026-05-28 16:31:43 | Deep Dive |
| CVE-2026-9097 | CVE-2026-9097 | Casdoor | Casdoor | - | - | 2026-05-28 16:29:07 | Deep Dive |
| CVE-2026-9096 | CVE-2026-9096 | Casdoor | Casdoor | - | - | 2026-05-28 16:27:15 | Deep Dive |
| CVE-2026-9095 | CVE-2026-9095 | Casdoor | Casdoor | - | - | 2026-05-28 16:25:17 | Deep Dive |
| CVE-2026-9094 | CVE-2026-9094 | Casdoor | Casdoor | - | - | 2026-05-28 16:25:09 | Deep Dive |
| CVE-2026-41141 | EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup | espocrm | espocrm | Medium | 6.5 | 2026-05-28 16:25:03 | Deep Dive |
| CVE-2026-41160 | EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes | espocrm | espocrm | Medium | 4.3 | 2026-05-28 16:24:20 | Deep Dive |
| CVE-2026-9093 | CVE-2026-9093 | Casdoor | Casdoor | - | - | 2026-05-28 16:21:50 | Deep Dive |
| CVE-2026-45261 | GitButler: Link injection via forge integration enables arbitrary script execution | gitbutlerapp | gitbutler | - | - | 2026-05-28 16:20:52 | Deep Dive |
| CVE-2026-9092 | CVE-2026-9092 | Casdoor | Casdoor | - | - | 2026-05-28 16:20:46 | Deep Dive |