Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-8598 — Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as op…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-4293 — Kieback & Peter DDC Building Controllers Cross-site Scripting

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the brow…

Remote | Cross-Site Scripting
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2025-32750 — Dell PowerFlex Manager Directory Listing Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.0 MEDIUM
CVE-2026-9084 — MISP OIDC authentication bypass via automatic email-based account linking under insecure …

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecu…

| Authentication
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.6 HIGH
CVE-2026-5783 — Reflected XSS in Beyaz Computer's CityPLus

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This i…

Remote | Cross-Site Scripting
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.9 MEDIUM
CVE-2026-8485 — Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.2 HIGH
CVE-2026-8469 — Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.5 CRITICAL
CVE-2026-8467 — Unauthenticated remote code execution via HEEx template injection in phoenix_storybook pl…

Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign…

Remote | Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
2.3 LOW
CVE-2026-47068 — Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Stor…

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.8 HIGH
CVE-2026-24425 — Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…

Remote | Misconfiguration
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.8 HIGH
CVE-2026-22554 — MediaArea MediaInfoLib Heap Overflow

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.5 MEDIUM
CVE-2026-21836 — HCL DominoIQ is affected by broken access control

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability.  Under certain circumstances, document level access restrictions will be ignored when determining what data to retur…

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
4.3 MEDIUM
CVE-2026-8488 — Allocation of resources without limits or throttling vulnerability in Progress Software M…

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 20…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
4.1 MEDIUM
CVE-2023-7346 — Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…

| Cryptography
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.5 MEDIUM
CVE-2026-8487 — Incorrect default permissions vulnerability in Progress Software MOVEit Automation

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befo…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-8486 — Allocation of resources without limits or throttling vulnerability in Progress Software M…

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befor…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-5950 — Unbounded resend loop in BIND 9 resolver

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-5947 — SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. …

Remote | Race Condition
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-5946 — Invalid handling of CLASS != IN

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.1 HIGH
CVE-2026-45584 — Microsoft Defender Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
Showing 20 of 6417 Results