Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-47372 — Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

| Cryptography
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.5 MEDIUM
CVE-2026-40102 — Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali…

Remote | Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
4.3 MEDIUM
CVE-2026-40094 — nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer con…

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and s…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-40092 — nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote n…

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademli…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.4 MEDIUM
CVE-2026-39960 — MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue p…

Remote | Cross-Site Scripting
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.5 HIGH
CVE-2026-8632 — HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary …

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…

| Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.3 CRITICAL
CVE-2026-8631 — HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary …

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-47373 — Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying has…

| Cryptography
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.4 HIGH
CVE-2026-9144 — Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe…

Remote | Cross-Site Scripting
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.8 CRITICAL
CVE-2026-9141 — Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…

Remote | Authentication
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.8 CRITICAL
CVE-2026-9139 — Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-…

Remote | Authentication
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.1 MEDIUM
CVE-2026-9137 — CSP Report Endpoint Log Flooding via Incorrect Size Limit

The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients,…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.3 HIGH
CVE-2026-9136 — Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the …

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.3 HIGH
CVE-2026-9133 — Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint migh…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.4 CRITICAL
CVE-2026-9129 — Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File…

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesys…

Remote | Path Traversal
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.8 HIGH
CVE-2026-9126 — Google Chrome Use After Free in DOM Medium Severity Vulnerability

Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-9124 — Google Chrome Cross-Origin Data Leaking Vulnerability

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-9123 — "Chromecast Heap Buffer Overflow Vulnerability"

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.5 MEDIUM
CVE-2026-9122 — Google Chrome GPU Out-of-Bounds Read Vulnerability

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.8 HIGH
CVE-2026-9121 — Google Chrome GPU Out-of-Bounds Read Heap Corruption

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
Showing 20 of 6433 Results