Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-6588 — serge-chat serge Model API Endpoint model.py delete_model missing authentication

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API …

Remote | Authentication
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2026-6587 — vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_m…

Remote | Server-Side Request Forgery
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2026-6586 — TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoi…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6585 — TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisat…

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organ…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6584 — TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoi…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6583 — TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authoriza…

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key …

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6582 — TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_…

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector …

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
9.0 HIGH
CVE-2026-6581 — H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument p…

Remote | Memory Corruption
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6580 — liangliangyy DjangoBlog Amap API Call views.py hard-coded key

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipu…

Remote | Cryptography
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.9 MEDIUM
CVE-2026-6579 — liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing a…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.3 MEDIUM
CVE-2026-6578 — liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of…

Remote | Misconfiguration
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6577 — liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulati…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6576 — liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Int…

Remote | Injection
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6574 — osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation…

lightpicture | Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6573 — PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of t…

phpems | Remote | Server-Side Request Forgery
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.3 MEDIUM
CVE-2026-6572 — Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileU…

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6571 — kodcloud KodExplorer systemRole.class.php roleGroupAction authorization

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipul…

kodexplorer | Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
5.1 MEDIUM
CVE-2026-6570 — kodcloud KodExplorer systemMember.class.php initInstall authorization

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argum…

kodexplorer | Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6569 — kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation o…

kodexplorer | Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6568 — kodcloud KodExplorer Public Share share.class.php initShareOld path traversal

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Ha…

kodexplorer | Remote | Path Traversal
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
Showing 20 of 5945 Results