CVE Prioritization
Triage CVEs by EPSS, CISA KEV, PoC availability, attack complexity, and in-feed incidents.
Total CVEs: 50
Critical: 6
KEV / Exploited: 1
PoC Exists: 0
Zero Day: 0
Patch Available: 1
| CVE ID | Published | Severity | EPSS Score | Complexity | Status | PoC | Patch | Due Date | Feed Hits | Description | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | 14 May 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPip | Details |
| | 14 May 2026 | HIGH 7.4 | 0.0% | HIGH | — | — | — | — | 0 | Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies wer | Details |
| | 14 May 2026 | LOW 2.5 | 0.0% | HIGH | — | — | — | — | 0 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_ha | Details |
| | 14 May 2026 | MEDIUM 5.8 | 0.0% | LOW | — | — | — | — | 0 | css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allo | Details |
| | 14 May 2026 | CRITICAL 9.1 | 0.0% | LOW | — | — | — | — | 0 | Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32 | Details |
| | 14 May 2026 | HIGH 8.6 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, | Details |
| | 14 May 2026 | MEDIUM 5.4 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r | Details |
| | 14 May 2026 | MEDIUM 5.4 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r | Details |
| | 14 May 2026 | CRITICAL 10 | 0.0% | LOW | KEV | — | | 2026-05-17 | 7 | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fi | Details |
| | 14 May 2026 | LOW 2.6 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive | Details |
| | 14 May 2026 | LOW 2.3 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured | Details |
| | 14 May 2026 | MEDIUM 5.4 | 0.0% | LOW | — | — | — | — | 0 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This m | Details |
| | 14 May 2026 | LOW 3 | 0.0% | LOW | — | — | — | — | 0 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic autho | Details |
| | 14 May 2026 | MEDIUM 4.3 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. Th | Details |
| | 14 May 2026 | MEDIUM 5.4 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. T | Details |
| | 14 May 2026 | LOW 2.6 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may | Details |
| | 14 May 2026 | MEDIUM 5.1 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such | Details |
| | 14 May 2026 | MEDIUM 5.1 | 0.0% | HIGH | — | — | — | — | 0 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resul | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and othe | Details |
| | 14 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend (datahub-frontend-react) deserialize | Details |
| | 14 May 2026 | MEDIUM 5.9 | 0.0% | HIGH | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/c | Details |
| | 14 May 2026 | CRITICAL 9.4 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's d | Details |
| | 14 May 2026 | HIGH 8.6 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/f | Details |
| | 14 May 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine th | Details |
| | 14 May 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoff | Details |
| | 14 May 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, che | Details |
| | 14 May 2026 | HIGH 8.2 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/ | Details |
| | 14 May 2026 | HIGH 8.2 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Got | Details |
| | 14 May 2026 | CRITICAL 9.8 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write | Details |
| | 14 May 2026 | HIGH 7.7 | 0.0% | HIGH | — | — | — | — | 0 | DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI se | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Fo | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and veri | Details |
| | 14 May 2026 | HIGH 8.2 | 0.0% | LOW | — | — | — | — | 0 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introdu | Details |
| | 14 May 2026 | CRITICAL 9.6 | 0.0% | LOW | — | — | — | — | 0 | soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8 | Details |
| | 14 May 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack | Details |
| | 14 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pp | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebA | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve l | Details |
| | 14 May 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP se | Details |
| | 14 May 2026 | CRITICAL 9 | 0.0% | LOW | — | — | — | — | 0 | vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prio | Details |
| | 14 May 2026 | — | 0.0% | — | — | — | — | — | 0 | OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace del | Details |
| | 14 May 2026 | HIGH 7.2 | 0.0% | LOW | — | — | — | — | 0 | Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_ | Details |
| | 14 May 2026 | HIGH 7.1 | 0.0% | LOW | — | — | — | — | 0 | Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base: | Details |
| | 14 May 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attac | Details |
| | 14 May 2026 | MEDIUM 6.1 | 0.0% | LOW | — | — | — | — | 0 | Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup:: | Details |
| | 14 May 2026 | HIGH 7.3 | 0.2% | LOW | — | — | — | — | 0 | Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. | Details |