Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-42280 — Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.1 MEDIUM
CVE-2026-42184 — Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-37713 — Dolibarr ERP/CRM Remote Code Execution

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php.

| Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-37712 — Dolibarr ERP/CRM Remote Code Execution Vulnerability

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in fun…

| Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-37711 — Dolibarr ERP/CRM Remote Code Execution

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php

| Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-31266 — Craft CMS Missing Authorization Vulnerability

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).

| Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-30498 — Jason2605 AdminPanel CSRF Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0.

| Cross-Site Request Forgery
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-1248 — IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.

| Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2025-70103 — Libjxl Heap Buffer Overflow Vulnerability

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.

| Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.8 MEDIUM
CVE-2026-9704 — Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token …

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.8 MEDIUM
CVE-2026-9617 — PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() …

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-9035 — Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-8405 — IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerabili…

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.

Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.5 HIGH
CVE-2026-8180 — Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…

Remote | Denial of Service
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.8 HIGH
CVE-2026-8179 — Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…

Remote | Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-8175 — Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…

Remote | Denial of Service
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-7876 — Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud …

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19

| Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-7528 — Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosur…

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Remote | Denial of Service
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-7524 — Path Traversal Vulnerability in File Processing Components Allows Unauthorized File Syste…

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.4 HIGH
CVE-2026-7365 — IBM Operations Analytics - Log Analysis is affected by Information disclosure due to defa…

IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…

| Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 6532 Results