Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-7692 — Wavlink WL-WN570HA1 adm.cgi ping_ddns command injection

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS re…

| Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7690 — Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes …

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
3.7 LOW
CVE-2026-7689 — Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Si…

Remote | Cryptography
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
5.0 MEDIUM
CVE-2026-7688 — Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endp…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
0.0 NA
CVE-2026-7691 — Wavlink WL-WN570HA1 adm.cgi set_sys_cmd command injection

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command lea…

| Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7687 — langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details comma…

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
5.5 MEDIUM
CVE-2026-7686 — eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa…

Remote | Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
9.0 HIGH
CVE-2026-7685 — Edimax BR-6208AC setWAN buffer overflow

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer ove…

Remote | Memory Corruption
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
9.0 HIGH
CVE-2026-7684 — Edimax BR-6428nC setWAN buffer overflow

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway  leads to buffe…

Remote | Memory Corruption
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7683 — Edimax BR-6428nC Web setWAN command injection

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserNam…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7682 — Edimax BR-6208AC L2TP Mode setWAN command injection

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPU…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
0.0 NA
CVE-2026-5337 — Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex…

| Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7681 — jsbroks COCO Annotator Dataset API datasets.py authorization

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the comp…

Remote | Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7680 — jsbroks COCO Annotator Data Endpoint datasets.py path traversal

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipu…

Remote | Path Traversal
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
7.2 HIGH
CVE-2026-5063 — NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key …

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,…

Remote | Cross-Site Scripting
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
7.5 HIGH
CVE-2026-7679 — YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi…

Remote | Authentication
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7678 — YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.0 MEDIUM
CVE-2026-7677 — kerwincui FastBee System Notice SysNoticeController.java add cross site scripting

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…

Remote | Cross-Site Scripting
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7676 — kerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path…

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/control…

Remote | Path Traversal
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
9.0 HIGH
CVE-2026-7675 — Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid l…

Remote | Memory Corruption
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
Showing 20 of 5657 Results