| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-9091 | CVE-2026-9091 | Casdoor | Casdoor | - | - | 2026-05-28 16:19:39 |
| CVE-2026-9090 | CVE-2026-9090 | Casdoor | Casdoor | - | - | 2026-05-28 16:17:22 |
| CVE-2026-44466 | Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions | zed-industries | zed | High | 8.6 | 2026-05-28 16:16:05 |
| CVE-2026-44463 | Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions | zed-industries | zed | High | 8.6 | 2026-05-28 16:15:14 |
| CVE-2026-44462 | Zed: Allowlist Bypass via Bash Variable Expansion Chain in Terminal Tool Permissions | zed-industries | zed | Medium | 6.4 | 2026-05-28 16:13:49 |
| CVE-2026-44465 | Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config | zed-industries | zed | High | 8.6 | 2026-05-28 16:10:58 |
| CVE-2026-44461 | Zed: Remote Command Injection via Unquoted Environment Variable Keys (SSH / WSL Remote) | zed-industries | zed | High | 8.6 | 2026-05-28 16:08:07 |
| CVE-2026-45078 | Synapse CPU starvation (Denial of Service) | element-hq | synapse | - | - | 2026-05-28 15:52:05 |
| CVE-2026-45076 | Synapse pagination denial of service | element-hq | synapse | - | - | 2026-05-28 15:50:26 |
| CVE-2026-41185 | ServiceAccount token disclosure via Azure IPAM CNI plugin logs | Tigera | Calico | - | - | 2026-05-28 15:47:43 |
| CVE-2026-6720 | Calicoctl leaks cluster credentials to stderr when verbose logging is enabled | Tigera | Calico | - | - | 2026-05-28 15:47:43 |
| CVE-2026-41184 | ServiceAccount token disclosure via install-cni container logs | Tigera | Calico | - | - | 2026-05-28 15:47:42 |
| CVE-2026-44477 | CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE | cloudnative-pg | cloudnative-pg | - | - | 2026-05-28 15:46:12 |
| CVE-2026-8697 | Improper Authentication Rate Limiting on TP-Link's Archer C64 | TP-Link Systems Inc. | Archer C64 v1.0 | - | - | 2026-05-28 15:45:21 |
| CVE-2026-24444 | SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php | SDMC Technology Co., Ltd | NE6037 | Critical | 9.8 | 2026-05-28 15:32:14 |
| CVE-2026-47673 | Hono: JWT middleware accepts any Authorization scheme, not only Bearer | honojs | hono | Medium | 4.8 | 2026-05-28 15:29:44 |
| CVE-2026-47674 | Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 | honojs | hono | Medium | 5.3 | 2026-05-28 15:29:09 |
| CVE-2026-47675 | Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection | honojs | hono | Medium | 4.3 | 2026-05-28 15:28:23 |
| CVE-2026-47676 | Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths | honojs | hono | Medium | 5.3 | 2026-05-28 15:26:02 |
| CVE-2026-47762 | TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments | tinymce | tinymce | High | 8.7 | 2026-05-28 15:21:37 |