| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-9644 | LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | nhadjidimitrov | LiveSmart Video Chat Live Video Chat | Medium | 6.4 | 2026-05-28 05:30:41 | Deep Dive |
| CVE-2026-3173 | Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure | mr2p | Meta Field Block – Display custom fields in the Block Editor without coding | Medium | 6.5 | 2026-05-28 05:30:40 | Deep Dive |
| CVE-2026-9009 | Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute | CodeRevolution | Crawlomatic Multipage Scraper Post Generator | High | 8.8 | 2026-05-28 05:30:40 | Deep Dive |
| CVE-2026-9673 | json-2-csv security vulnerability | - | json-2-csv | Medium | 6.8 | 2026-05-28 05:00:02 | Deep Dive |
| CVE-2026-9803 | Keycloak: keycloak: denial of service via malformed authorization header | Red Hat | Red Hat Build of Keycloak | Medium | 5.3 | 2026-05-28 04:47:10 | Deep Dive |
| CVE-2026-9802 | Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart | Red Hat | Red Hat Build of Keycloak | Medium | 6.8 | 2026-05-28 04:47:10 | Deep Dive |
| CVE-2026-9801 | Keycloak: keycloak: denial of service via malformed ldap password policy response | Red Hat | Red Hat Build of Keycloak | Medium | 4.9 | 2026-05-28 04:42:10 | Deep Dive |
| CVE-2026-9798 | Keycloak: keycloak: brute-force protection bypass in ciba flow | Red Hat | Red Hat Build of Keycloak | Medium | 4.3 | 2026-05-28 04:37:09 | Deep Dive |
| CVE-2026-9796 | Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability | Red Hat | Red Hat Build of Keycloak | Medium | 6.5 | 2026-05-28 04:27:09 | Deep Dive |
| CVE-2026-32997 | Veeam Backup And Replication security vulnerability | Veeam | Backup and Replication | - | - | 2026-05-28 04:01:38 | Deep Dive |
| CVE-2026-32996 | Veeam Agent for Microsoft Windows security vulnerability | Veeam | Backup and Replication | - | - | 2026-05-28 04:01:38 | Deep Dive |
| CVE-2026-32998 | Veeam Service Provider Console security vulnerability | Veeam | Service Provider Console | - | - | 2026-05-28 04:01:38 | Deep Dive |
| CVE-2026-32995 | Rocket.Chat security vulnerability | Rocket.Chat | Rocket.Chat | - | - | 2026-05-28 04:01:38 | Deep Dive |
| CVE-2026-32999 | WebPros Comet Backup security vulnerability | WebPros | Comet Backup | Critical | 9.0 | 2026-05-28 04:01:38 | Deep Dive |
| CVE-2026-9795 | Keycloak: keycloak: privilege escalation via improper scope mapping enforcement | Red Hat | Red Hat Build of Keycloak | High | 7.3 | 2026-05-28 03:49:11 | Deep Dive |
| CVE-2026-9794 | Keycloak: keycloak: information disclosure via saml ecp endpoint | Red Hat | Red Hat Build of Keycloak | Medium | 5.3 | 2026-05-28 03:44:20 | Deep Dive |
| CVE-2026-9792 | Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition | Red Hat | Red Hat Build of Keycloak | Medium | 6.5 | 2026-05-28 03:44:19 | Deep Dive |
| CVE-2026-9793 | Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing | Red Hat | Red Hat Build of Keycloak | Medium | 5.9 | 2026-05-28 03:44:18 | Deep Dive |
| CVE-2026-7802 | Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter | shabti | Frontend Admin by DynamiApps | High | 8.8 | 2026-05-28 03:27:28 | Deep Dive |
| CVE-2026-9228 | Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function | jetmonsters | Timetable and Event Schedule by MotoPress | Medium | 4.3 | 2026-05-28 03:27:28 | Deep Dive |