Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.7 MEDIUM
CVE-2026-4878 — Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to…

| Race Condition
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.3 MEDIUM
CVE-2026-39941 — ChurchCRM has an XSS vulnerability

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via a the EName and EDesc parameters in EditEventAttendees.php to be ren…

Remote | Cross-Site Scripting
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.8 HIGH
CVE-2026-39853 — osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verif…

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. Duri…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.7 HIGH
CVE-2026-39843 — Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forger…

Remote | Server-Side Request Forgery
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.4 HIGH
CVE-2026-35205 — Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin ins…

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixe…

| Misconfiguration
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.4 HIGH
CVE-2026-35204 — Helm has a path traversal in plugin metadata version enables arbitrary file write outside…

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitra…

| Path Traversal
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
4.2 MEDIUM
CVE-2026-35041 — ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token ve…

fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.3 MEDIUM
CVE-2026-35040 — fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (l…

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-34020 — Apache OpenMeetings: Login Credentials Passed via GET Query Parameters

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Pleas…

| Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-33266 — Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case…

| Cryptography
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-33005 — Apache OpenMeetings: Insufficient checks in FileWebService

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (met…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2025-70365 — Kiamo Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user …

| Cross-Site Scripting
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2025-70364 — Kiamo PHP Code Execution Vulnerability

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server.

| Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
2.7 LOW
CVE-2025-15480 — Senstive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desk…

Remote | Information Disclosure
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
2.7 LOW
CVE-2025-14551 — Senstive information disclosure was affecting subiquity

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include ce…

Remote | Information Disclosure
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5959 — GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-5445 — Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel …

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-5444 — Heap Buffer Overflow in PAM Image Buffer Allocation

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned …

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-5443 — Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)

A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values …

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
0.0 NA
CVE-2026-5442 — Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US)…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
Showing 20 of 6458 Results