Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.…
Azure Arc Elevation of Privilege Vulnerability
Azure Front Door Elevation of Privilege Vulnerability
Azure Function Information Disclosure Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out…
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu…
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS…
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key…
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redi…
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Re…
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access cont…
A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads…
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. Us…
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Tanium addressed an incorrect default permissions vulnerability in Enforce.
Tanium addressed an improper access controls vulnerability in Reputation.
Tanium addressed an incorrect default permissions vulnerability in Benchmark.
Tanium addressed an incorrect default permissions vulnerability in Comply.