Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-46333 — ptrace: slightly saner 'get_dumpable()' logic

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - t…

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
0.0 NA
CVE-2026-8669 — Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted …

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…

| Memory Corruption
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
9.2 CRITICAL
CVE-2026-7182 — Path Traversal in Diagram

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from t…

Remote | Path Traversal
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
10.0 CRITICAL
CVE-2026-41553 — Remote Code Execution in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio…

Remote | Injection
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
9.2 CRITICAL
CVE-2026-41552 — Path Traversal in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl…

Remote | Path Traversal
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
0.0 NA
CVE-2026-8503 — Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session…

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…

| Cryptography
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
0.0 NA
CVE-2026-8454 — Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write …

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G…

| Memory Corruption
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.5 MEDIUM
CVE-2026-41971 — "Apache Security Control Module Permission Bypass"

Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
6.8 MEDIUM
CVE-2026-41970 — Apache Distributed File System Out-of-Bounds Write Vulnerability

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.

| Memory Corruption
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
6.2 MEDIUM
CVE-2026-41969 — Apache Airflow Permission Escalation

Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.9 MEDIUM
CVE-2026-41968 — "Qualtrics Design Module Unauthenticated Remote Access Vulnerability"

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.9 MEDIUM
CVE-2026-41967 — "Adobe Manufacturability Design Module Permissions Vulnerability"

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.6 MEDIUM
CVE-2026-41966 — "Microsoft Smart Sensing Service Authorization Bypass"

Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Remote | Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.6 MEDIUM
CVE-2026-41965 — Apache Web Server Use-After-Free (UAF) Buffer Overflow

Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

Remote | Memory Corruption
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
8.4 HIGH
CVE-2026-41964 — Apache Web Server Authentication Bypass

Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
2.8 LOW
CVE-2026-41963 — Media Platform Stack Overflow Vulnerability

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

| Memory Corruption
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
3.6 LOW
CVE-2026-41962 — Apache App Misconfigured Permission Control Vulnerability

Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.9 MEDIUM
CVE-2026-41961 — Google Contacts Permission Control Vulnerability

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.

| Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
5.8 MEDIUM
CVE-2026-41960 — Apache Kafka Kerberos Authentication Bypass

Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.

Remote | Authorization
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
4.3 MEDIUM
CVE-2026-8425 — Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettin…

Remote | Cross-Site Request Forgery
May 15, 2026 May 15, 2026
May 15, 2026
May 15, 2026
Showing 20 of 6324 Results