Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-41645 — Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malici…

nuclei | Remote | Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
9.8 CRITICAL
CVE-2026-41501 — electerm has Command Injection Vulnerability via runLinux function

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…

electerm | Remote | Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
9.8 CRITICAL
CVE-2026-41500 — electerm has Command Injection Vulnerability via runMac function

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…

electerm | Remote | Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
3.3 LOW
CVE-2026-41498 — Kimai: Team API Missing Object-Level Authorization

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to …

kimai | Remote | Authorization
May 08, 2026 May 12, 2026
May 08, 2026
May 12, 2026
Showing 20 of 7084 Results