Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-10281 — Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authent…

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation …

claw-orchestrator | Remote | Authentication
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-10280 — horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. T…

mcpilot | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10279 — hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pane wezterm_executor.ts os com…

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan…

wezterm-mcp | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10278 — ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum…

excel-mcp | Remote | Path Traversal
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10277 — j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G…

mcp-google-workspace | Remote | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10276 — hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath …

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu…

jenkins-server-mcp | Remote | Server-Side Request Forgery
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
10.0 CRITICAL
CVE-2026-0072 — Android InputMethodManagerService Privilege Escalation

In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi…

android_xr | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
7.5 HIGH
CVE-2024-52011 — launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attack…

vite | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.5 MEDIUM
CVE-2026-8643 — pip can extract console_scripts and gui_scripts outside installation directory

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out…

pip | Path Traversal
Jun 01, 2026 Jun 04, 2026
Jun 01, 2026
Jun 04, 2026
7.8 HIGH
CVE-2026-8501 — CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IO…

| Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.8 HIGH
CVE-2026-46243 — smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid,…

linux_kernel | Authentication
Jun 01, 2026 Jun 05, 2026
Jun 01, 2026
Jun 05, 2026
6.9 MEDIUM
CVE-2026-45701 — Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical has…

sulu | Remote | Cryptography
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-45267 — Nextcloud: Missing permission check for from submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been p…

notes | Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.5 LOW
CVE-2026-45266 — Nextcloud: Unauthorized force-mute from missing permission check when using internal sign…

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-…

notes | Remote | Denial of Service
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
4.3 MEDIUM
CVE-2026-45264 — Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before …

notes | Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.5 LOW
CVE-2026-45159 — Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files …

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with…

notes | Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.3 MEDIUM
CVE-2026-45157 — Nextcloud: Valid share tokens allow to access tempory upload files of share owner

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of…

notes | Remote | Information Disclosure
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.1 HIGH
CVE-2026-45156 — Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification…

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowe…

notes | Remote | Authentication
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
2.6 LOW
CVE-2026-45155 — Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add u…

notes | Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
2.6 LOW
CVE-2026-45154 — Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests wi…

notes | Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
Showing 20 of 7360 Results