Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2026-39352 — Frappe has an Arbitrary File Read via Path Traversal in render_include

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.…

frappe | Remote | Path Traversal
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
6.8 MEDIUM
CVE-2026-39311 — Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitiz…

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…

trilium | Remote | Misconfiguration
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
8.6 HIGH
CVE-2026-39310 — Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…

trilium | Remote | Authentication
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35016 — Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35015 — Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35014 — Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35013 — Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized va…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35012 — Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35011 — Open ISES Tickets < 3.44.2 Reflected XSS via opena.php frm_call Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35010 — Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35009 — Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35008 — Open ISES Tickets < 3.44.2 Reflected XSS via single.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-35007 — Open ISES Tickets < 3.44.2 Reflected XSS via single_unit.php id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…

Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
9.3 CRITICAL
CVE-2026-33137 — XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1…

xwiki | Remote | Authentication
May 20, 2026 May 26, 2026
May 20, 2026
May 26, 2026
4.7 MEDIUM
CVE-2026-2813 — Unvalidated Redirect in ArcGIS Server

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitati…

linux_kernel arcgis_server windows | Remote | Server-Side Request Forgery
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
5.3 MEDIUM
CVE-2026-2812 — Improper Authentication issue in ArcGIS Server

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the en…

linux_kernel arcgis_server windows | Remote | Authentication
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
6.1 MEDIUM
CVE-2026-26028 — CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential…

CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted …

cryptpad | Remote | Cross-Site Scripting
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
8.1 HIGH
CVE-2026-24218 — NVIDIA DGX SSH Key Cloning Vulnerability

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr…

dgx_os dgx_spark | Remote | Cryptography
May 20, 2026 May 22, 2026
May 20, 2026
May 22, 2026
8.8 HIGH
CVE-2026-24217 — NVIDIA BioNeMo Core for Linux Path Traversal Vulnerability

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, …

linux_kernel bionemo_framework | Remote | Path Traversal
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
7.8 HIGH
CVE-2026-24216 — NVIDIA BioNemo Untrusted Data Deserialization

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of serv…

linux_kernel bionemo_framework | Injection
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
Showing 20 of 6725 Results