Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-8786 — Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization a…

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component…

Remote | Authorization
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
7.5 HIGH
CVE-2026-8785 — projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatie…

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Param…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.2 MEDIUM
CVE-2026-8784 — npitre cramfs-tools cramfsck.c change_file_status symlink

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r…

| Path Traversal
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8783 — omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to nul…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8782 — omec-project amf NGAP Message handler.go null pointer dereference

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null p…

Remote | Denial of Service
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8781 — omec-project amf handler.go RANConfiguration null pointer dereference

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer de…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8780 — omec-project amf NGAP Message dispatcher.go memory corruption

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation …

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8779 — omec-project amf handler.go NGSetupRequest memory corruption

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement ca…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
6.5 MEDIUM
CVE-2026-8777 — Edimax BR-6428NS POST Request formStaDrvSetup command injection

A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
9.0 HIGH
CVE-2026-8776 — Edimax BR-6428NS POST Request formPPTPSetup buffer overflow

A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulati…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
9.0 HIGH
CVE-2026-8775 — Edimax BR-6428NS POST Request formL2TPSetup buffer overflow

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TP…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
6.5 MEDIUM
CVE-2026-8774 — Edimax BR-6228NC POST Request mp command injection

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
5.8 MEDIUM
CVE-2026-8773 — linlinjava litemall Database Setting DbUtil.java load argument injection

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
5.8 MEDIUM
CVE-2026-8772 — linlinjava litemall Admin Endpoint sql injection

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can …

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
7.5 HIGH
CVE-2026-8771 — linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java …

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
3.3 LOW
CVE-2026-8770 — continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat…

| Path Traversal
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8769 — vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource cons…

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/respons…

Remote | Denial of Service
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8768 — vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils.…

Remote | Server-Side Request Forgery
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
5.0 MEDIUM
CVE-2026-8767 — vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manip…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
4.3 MEDIUM
CVE-2026-8766 — Kilo-Org kilocode Environment Variable config.ts load information disclosure

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…

Remote | Information Disclosure
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
Showing 20 of 6138 Results