Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-8980 — Privilege Escalation

The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer a…

Remote | Authorization
May 28, 2026
9.3 CRITICAL
CVE-2026-8979 — Authentication Bypass

The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST re…

Remote | Authentication
May 28, 2026
8.4 HIGH
CVE-2026-49238 — SFTP Server VM Escape in Canonical Multipass

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment …

| Path Traversal
May 28, 2026
7.8 HIGH
CVE-2026-49237 — Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da…

| Misconfiguration
May 28, 2026
5.1 MEDIUM
CVE-2026-42250 — Off-by-One Leading to Out-of-Bounds Write in bzip2

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corru…

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-37579 — SMSGate sms-core Remote Code Execution

An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component

| Memory Corruption
May 28, 2026
8.0 HIGH
CVE-2026-37266 — Apache Struts Remote Code Execution

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component

Remote | Injection
May 28, 2026
0.0 NA
CVE-2026-9658 — Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header …

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the r…

| Injection
May 28, 2026
0.0 NA
CVE-2026-40914 — Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-ty…

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi…

| Authorization
May 28, 2026
6.2 MEDIUM
CVE-2026-9813 — FlowIntel external reference URL probe allows server-side request forgery

FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external…

Remote | Server-Side Request Forgery
May 28, 2026
6.0 MEDIUM
CVE-2026-4377 — Use of Weak Credentials in D-Link DWR-X1820 router

The D-Link DWR-X1820 router uses a weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the defaul…

| Authentication
May 28, 2026
8.7 HIGH
CVE-2026-47074 — ex_aws_sns SigningCertURL not validated in verify_message/1

Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated wi…

Remote | Authentication
May 28, 2026
0.0 NA
CVE-2026-46241 — spi: mpc52xx: fix use-after-free on registration failure

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registra…

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-46240 — media: iris: Fix use-after-free in iris_release_internal_buffers()

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: …

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-46239 — media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly …

| Misconfiguration
May 28, 2026
0.0 NA
CVE-2026-46238 — batman-adv: stop caching unowned originator pointers in BAT IV

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but…

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-46237 — drm/amdgpu/vcn3: Avoid overflow on msg bound check

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. …

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-46236 — media: rc: xbox_remote: heed DMA restrictions

In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates th…

| Misconfiguration
May 28, 2026
0.0 NA
CVE-2026-46235 — media: saa7164: add ioremap return checks and cleanups

In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164_dev_setup(). If ioremap fo…

| Memory Corruption
May 28, 2026
0.0 NA
CVE-2026-46234 — vsock: fix buffer size clamping order

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and …

| Misconfiguration
May 28, 2026
Showing 20 of 6754 Results