| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-47269 | pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local | mcdope | pam_usb | High | 7.4 | 2026-05-27 20:11:45 | Deep Dive |
| CVE-2026-47270 | pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote result | mcdope | pam_usb | Medium | 6.3 | 2026-05-27 20:10:37 | Deep Dive |
| CVE-2026-47271 | pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash | mcdope | pam_usb | Medium | 5.1 | 2026-05-27 20:08:03 | Deep Dive |
| CVE-2026-47272 | pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer | mcdope | pam_usb | High | 7.1 | 2026-05-27 20:06:15 | Deep Dive |
| CVE-2026-47273 | pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries | mcdope | pam_usb | Medium | 6.5 | 2026-05-27 20:03:39 | Deep Dive |
| CVE-2026-47274 | pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation | mcdope | pam_usb | Medium | 6.3 | 2026-05-27 20:02:38 | Deep Dive |
| CVE-2026-48064 | pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass | mcdope | pam_usb | High | 8.1 | 2026-05-27 19:59:53 | Deep Dive |
| CVE-2026-48065 | pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets | mcdope | pam_usb | Medium | 6.7 | 2026-05-27 19:58:36 | Deep Dive |
| CVE-2026-48066 | pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication | mcdope | pam_usb | Medium | 5.7 | 2026-05-27 19:57:43 | Deep Dive |
| CVE-2026-48792 | pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution | mcdope | pam_usb | Medium | 4.4 | 2026-05-27 19:55:46 | Deep Dive |
| CVE-2026-8359 | Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS | Gladinet | Triofox | High | 7.5 | 2026-05-27 19:49:18 | Deep Dive |
| CVE-2026-8360 | Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS | Gladinet | Triofox | High | 7.5 | 2026-05-27 19:47:30 | Deep Dive |
| CVE-2026-8361 | Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll | Gladinet | Triofox | High | 7.5 | 2026-05-27 19:44:39 | Deep Dive |
| CVE-2026-8362 | Gladinet Triofox Stack-based Buffer Overflow in WOSDefaultHttpModule.dll | Gladinet | Triofox | Critical | 9.8 | 2026-05-27 19:42:09 | Deep Dive |
| CVE-2026-8363 | Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll | Gladinet | Triofox | Critical | 9.8 | 2026-05-27 19:40:33 | Deep Dive |
| CVE-2026-8364 | Gladinet Triofox Missing Authentication for Critical Functions | Gladinet | Triofox | Critical | 9.8 | 2026-05-27 19:38:01 | Deep Dive |
| CVE-2026-45134 | LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning | langchain-ai | langsmith-sdk | High | 7.1 | 2026-05-27 19:35:33 | Deep Dive |
| CVE-2026-44724 | systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name | sebhildebrandt | systeminformation | High | 7.8 | 2026-05-27 19:26:28 | Deep Dive |
| CVE-2026-44590 | Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml | sherlock-project | sherlock | Critical | 9.3 | 2026-05-27 19:23:02 | Deep Dive |
| CVE-2026-44681 | Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization | authlib | authlib | Medium | 6.1 | 2026-05-27 19:20:44 | Deep Dive |