{"@context":{"@vocab":"https://schema.org/"},"@type":"ItemList","@id":"https://api.ai-analytics.org/api/v1/cve/recent","_source":{"data_provider":"AI Analytics","data_provider_url":"https://api.ai-analytics.org","license":"https://creativecommons.org/publicdomain/zero/1.0/","primary_source":"https://nvd.nist.gov/developers/vulnerabilities","generated_at":"2026-05-30T00:40:36.739Z"},"count":50,"filters":{"severity":null},"items":[{"cve_id":"CVE-2026-8782","published":"2026-05-18T02:16:37.753","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null po","url":"https://api.ai-analytics.org/cve/CVE-2026-8782"},{"cve_id":"CVE-2026-8781","published":"2026-05-18T02:16:37.570","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer der","url":"https://api.ai-analytics.org/cve/CVE-2026-8781"},{"cve_id":"CVE-2026-8780","published":"2026-05-18T02:16:37.383","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation l","url":"https://api.ai-analytics.org/cve/CVE-2026-8780"},{"cve_id":"CVE-2026-8779","published":"2026-05-18T02:16:37.180","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can","url":"https://api.ai-analytics.org/cve/CVE-2026-8779"},{"cve_id":"CVE-2026-8777","published":"2026-05-18T02:16:36.990","status":"Received","cvss_score":6.3,"severity":"MEDIUM","description":"A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation","url":"https://api.ai-analytics.org/cve/CVE-2026-8777"},{"cve_id":"CVE-2026-8776","published":"2026-05-18T02:16:36.803","status":"Received","cvss_score":8.8,"severity":"HIGH","description":"A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulatio","url":"https://api.ai-analytics.org/cve/CVE-2026-8776"},{"cve_id":"CVE-2026-8775","published":"2026-05-18T02:16:36.627","status":"Received","cvss_score":8.8,"severity":"HIGH","description":"A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPU","url":"https://api.ai-analytics.org/cve/CVE-2026-8775"},{"cve_id":"CVE-2026-8774","published":"2026-05-18T02:16:36.433","status":"Received","cvss_score":6.3,"severity":"MEDIUM","description":"A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command ","url":"https://api.ai-analytics.org/cve/CVE-2026-8774"},{"cve_id":"CVE-2026-8773","published":"2026-05-18T00:16:37.893","status":"Received","cvss_score":4.7,"severity":"MEDIUM","description":"A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/","url":"https://api.ai-analytics.org/cve/CVE-2026-8773"},{"cve_id":"CVE-2026-8772","published":"2026-05-18T00:16:37.720","status":"Received","cvss_score":4.7,"severity":"MEDIUM","description":"A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can b","url":"https://api.ai-analytics.org/cve/CVE-2026-8772"},{"cve_id":"CVE-2026-8771","published":"2026-05-18T00:16:37.537","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java o","url":"https://api.ai-analytics.org/cve/CVE-2026-8771"},{"cve_id":"CVE-2026-8770","published":"2026-05-18T00:16:37.343","status":"Received","cvss_score":3.3,"severity":"LOW","description":"A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulati","url":"https://api.ai-analytics.org/cve/CVE-2026-8770"},{"cve_id":"CVE-2026-8769","published":"2026-05-17T23:17:03.180","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response","url":"https://api.ai-analytics.org/cve/CVE-2026-8769"},{"cve_id":"CVE-2026-8768","published":"2026-05-17T23:17:02.997","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. ","url":"https://api.ai-analytics.org/cve/CVE-2026-8768"},{"cve_id":"CVE-2026-8767","published":"2026-05-17T23:17:02.810","status":"Received","cvss_score":5,"severity":"MEDIUM","description":"A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipu","url":"https://api.ai-analytics.org/cve/CVE-2026-8767"},{"cve_id":"CVE-2026-8766","published":"2026-05-17T23:17:02.640","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executin","url":"https://api.ai-analytics.org/cve/CVE-2026-8766"},{"cve_id":"CVE-2026-8765","published":"2026-05-17T23:17:02.480","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fil","url":"https://api.ai-analytics.org/cve/CVE-2026-8765"},{"cve_id":"CVE-2026-8764","published":"2026-05-17T22:16:21.463","status":"Received","cvss_score":7.2,"severity":"HIGH","description":"A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer","url":"https://api.ai-analytics.org/cve/CVE-2026-8764"},{"cve_id":"CVE-2026-8721","published":"2026-05-17T19:16:25.310","status":"Received","cvss_score":null,"severity":null,"description":"Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.\n\nPassword parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvP","url":"https://api.ai-analytics.org/cve/CVE-2026-8721"},{"cve_id":"CVE-2026-8507","published":"2026-05-17T19:16:24.590","status":"Received","cvss_score":null,"severity":null,"description":"Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.\n\nWhen parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info()","url":"https://api.ai-analytics.org/cve/CVE-2026-8507"},{"cve_id":"CVE-2026-46720","published":"2026-05-17T18:16:27.397","status":"Received","cvss_score":null,"severity":null,"description":"Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.\n\nThe metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources co","url":"https://api.ai-analytics.org/cve/CVE-2026-46720"},{"cve_id":"CVE-2026-8759","published":"2026-05-17T15:16:20.843","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunctio","url":"https://api.ai-analytics.org/cve/CVE-2026-8759"},{"cve_id":"CVE-2026-8758","published":"2026-05-17T14:16:22.327","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead","url":"https://api.ai-analytics.org/cve/CVE-2026-8758"},{"cve_id":"CVE-2026-8757","published":"2026-05-17T14:16:21.380","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perform","url":"https://api.ai-analytics.org/cve/CVE-2026-8757"},{"cve_id":"CVE-2026-8756","published":"2026-05-17T13:16:46.410","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the compo","url":"https://api.ai-analytics.org/cve/CVE-2026-8756"},{"cve_id":"CVE-2026-8755","published":"2026-05-17T13:16:46.260","status":"Received","cvss_score":7.3,"severity":"HIGH","description":"A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handle","url":"https://api.ai-analytics.org/cve/CVE-2026-8755"},{"cve_id":"CVE-2026-8754","published":"2026-05-17T13:16:46.107","status":"Received","cvss_score":6.3,"severity":"MEDIUM","description":"A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation","url":"https://api.ai-analytics.org/cve/CVE-2026-8754"},{"cve_id":"CVE-2026-8753","published":"2026-05-17T13:16:45.940","status":"Received","cvss_score":6.3,"severity":"MEDIUM","description":"A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php","url":"https://api.ai-analytics.org/cve/CVE-2026-8753"},{"cve_id":"CVE-2018-25339","published":"2026-05-17T13:16:45.710","status":"Received","cvss_score":8.2,"severity":"HIGH","description":"Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the ","url":"https://api.ai-analytics.org/cve/CVE-2018-25339"},{"cve_id":"CVE-2018-25338","published":"2026-05-17T13:16:45.590","status":"Received","cvss_score":8.2,"severity":"HIGH","description":"Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the","url":"https://api.ai-analytics.org/cve/CVE-2018-25338"},{"cve_id":"CVE-2018-25337","published":"2026-05-17T13:16:45.470","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML for","url":"https://api.ai-analytics.org/cve/CVE-2018-25337"},{"cve_id":"CVE-2018-25336","published":"2026-05-17T13:16:45.343","status":"Received","cvss_score":5.3,"severity":"MEDIUM","description":"Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTM","url":"https://api.ai-analytics.org/cve/CVE-2018-25336"},{"cve_id":"CVE-2018-25335","published":"2026-05-17T13:16:45.220","status":"Received","cvss_score":9.8,"severity":"CRITICAL","description":"WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. ","url":"https://api.ai-analytics.org/cve/CVE-2018-25335"},{"cve_id":"CVE-2018-25334","published":"2026-05-17T13:16:45.097","status":"Received","cvss_score":5.4,"severity":"MEDIUM","description":"Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but ","url":"https://api.ai-analytics.org/cve/CVE-2018-25334"},{"cve_id":"CVE-2018-25333","published":"2026-05-17T13:16:44.970","status":"Received","cvss_score":8.2,"severity":"HIGH","description":"Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the l","url":"https://api.ai-analytics.org/cve/CVE-2018-25333"},{"cve_id":"CVE-2018-25332","published":"2026-05-17T13:16:44.840","status":"Received","cvss_score":9.8,"severity":"CRITICAL","description":"GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload","url":"https://api.ai-analytics.org/cve/CVE-2018-25332"},{"cve_id":"CVE-2018-25331","published":"2026-05-17T13:16:44.710","status":"Received","cvss_score":6.1,"severity":"MEDIUM","description":"Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attack","url":"https://api.ai-analytics.org/cve/CVE-2018-25331"},{"cve_id":"CVE-2018-25330","published":"2026-05-17T13:16:44.573","status":"Received","cvss_score":8.2,"severity":"HIGH","description":"Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Att","url":"https://api.ai-analytics.org/cve/CVE-2018-25330"},{"cve_id":"CVE-2018-25329","published":"2026-05-17T13:16:44.443","status":"Received","cvss_score":7.5,"severity":"HIGH","description":"WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attacke","url":"https://api.ai-analytics.org/cve/CVE-2018-25329"},{"cve_id":"CVE-2018-25328","published":"2026-05-17T13:16:44.310","status":"Received","cvss_score":8.4,"severity":"HIGH","description":"VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft","url":"https://api.ai-analytics.org/cve/CVE-2018-25328"},{"cve_id":"CVE-2018-25327","published":"2026-05-17T13:16:44.183","status":"Received","cvss_score":5.3,"severity":"MEDIUM","description":"Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML","url":"https://api.ai-analytics.org/cve/CVE-2018-25327"},{"cve_id":"CVE-2018-25326","published":"2026-05-17T13:16:44.050","status":"Received","cvss_score":7.5,"severity":"HIGH","description":"Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name paramet","url":"https://api.ai-analytics.org/cve/CVE-2018-25326"},{"cve_id":"CVE-2018-25325","published":"2026-05-17T13:16:43.923","status":"Received","cvss_score":7.5,"severity":"HIGH","description":"Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX a","url":"https://api.ai-analytics.org/cve/CVE-2018-25325"},{"cve_id":"CVE-2018-25324","published":"2026-05-17T13:16:43.787","status":"Received","cvss_score":6.2,"severity":"MEDIUM","description":"Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath","url":"https://api.ai-analytics.org/cve/CVE-2018-25324"},{"cve_id":"CVE-2018-25323","published":"2026-05-17T13:16:43.663","status":"Received","cvss_score":8.4,"severity":"HIGH","description":"Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious paylo","url":"https://api.ai-analytics.org/cve/CVE-2018-25323"},{"cve_id":"CVE-2018-25322","published":"2026-05-17T13:16:43.537","status":"Received","cvss_score":8.4,"severity":"HIGH","description":"Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can ","url":"https://api.ai-analytics.org/cve/CVE-2018-25322"},{"cve_id":"CVE-2018-25321","published":"2026-05-17T13:16:43.403","status":"Received","cvss_score":4.3,"severity":"MEDIUM","description":"TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers","url":"https://api.ai-analytics.org/cve/CVE-2018-25321"},{"cve_id":"CVE-2018-25320","published":"2026-05-17T13:16:43.270","status":"Received","cvss_score":9.8,"severity":"CRITICAL","description":"ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can u","url":"https://api.ai-analytics.org/cve/CVE-2018-25320"},{"cve_id":"CVE-2018-25319","published":"2026-05-17T13:16:43.123","status":"Received","cvss_score":7.1,"severity":"HIGH","description":"Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Atta","url":"https://api.ai-analytics.org/cve/CVE-2018-25319"},{"cve_id":"CVE-2026-8752","published":"2026-05-17T12:16:43.330","status":"Received","cvss_score":5.3,"severity":"MEDIUM","description":"A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compone","url":"https://api.ai-analytics.org/cve/CVE-2026-8752"}]}