Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb frags

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks…

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
5.1 MEDIUM
CVE-2026-8149 — GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJ…

May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
8.5 HIGH
CVE-2026-8069 — PredatorSense V3: Local Privilege Escalation (LPE) vulnerability

PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. …

| Authorization
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-4935 — SureTriggers < 1.1.23 – Unauthenticated SQLi

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per…

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
3.0 LOW
CVE-2026-44916 — OpenStack Ironic Unvalidated Template Injection

In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.

Remote | Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-69691 — Netgate pfSense CE PHP Code Execution Vulnerability

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all…

| Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-69690 — Netgate pfSense CE PHP Code Execution Vulnerability

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes …

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-69599 — RayVentory Scan Engine Path Environment Variable Privilege Escalation Vulnerability

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-67888 — Softaculous SitePad OS Command Injection Vulnerability

An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef…

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-67887 — Bitrix Remote Code Execution Vulnerability

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil…

| Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-67886 — Bitrix24 Remote Code Execution via Unrestricted File Upload

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2025-55449 — AstrBotDevs AstrBot Critical JWT Private Key Hardcoding Vulnerability

AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.

| Cryptography
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2023-46453 — GL.iNet SQL Injection Regular Expression Authentication Bypass

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular express…

| Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
2.9 LOW
CVE-2026-44928 — "Apache uriparser Uri Equality Validation Bypass Vulnerability"

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
2.9 LOW
CVE-2026-44927 — "Uriparser Integer Pointer Truncation Vulnerability"

In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2024-53326 — LINQPad Deserialization Remote Code Execution

LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2024-51092 — LibreNMS OS Command Injection Vulnerability

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's in…

librenms | Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2024-46508 — Yeti-Platform JWT Token Forgery Vulnerability

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).

| Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2024-46507 — Yeti-Platform SSTI Code Execution

A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2024-45257 — BYOB Command Injection Vulnerability

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free…

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
Showing 20 of 5879 Results