Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.3 MEDIUM
CVE-2026-45297 — Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS…

openreplay | Remote | Authorization
May 28, 2026 | May 28, 2026
7.7 HIGH
CVE-2026-45296 — OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missi…

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API…

openreplay | Remote | Authorization
May 28, 2026 | May 28, 2026
9.4 CRITICAL
CVE-2026-45058 — electerm: Import unsafe bookmark data could lead to unsafe operation when click local typ…

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync…

electerm | Remote | Injection
May 28, 2026 | Jun 01, 2026
5.1 MEDIUM
CVE-2026-45021 — Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin…

Remote | Information Disclosure
May 28, 2026 | May 28, 2026
7.1 HIGH
CVE-2026-44798 — Nautobot: GitRepository.current_head field should not be writable through REST API

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu…

nautobot | Remote | Misconfiguration
May 28, 2026 | May 28, 2026
8.5 HIGH
CVE-2026-44797 — Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient…

nautobot | Remote | Server-Side Request Forgery
May 28, 2026 | May 29, 2026
6.5 MEDIUM
CVE-2026-44796 — Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regula…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…

nautobot | Remote | Denial of Service
May 28, 2026 | May 29, 2026
5.4 MEDIUM
CVE-2026-44794 — Nautobot: REST API permits creation of GenericForeignKey references to objects that the u…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…

nautobot | Remote | Authorization
May 28, 2026 | May 29, 2026
10.0 CRITICAL
CVE-2026-43898 — SandboxJS: Sandbox escape via Function.caller leakage of internal call op

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…

sandboxjs | Remote | Information Disclosure
May 28, 2026 | May 28, 2026
7.5 HIGH
CVE-2026-34126 — Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's T…

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…

May 28, 2026 | Jun 03, 2026
9.1 CRITICAL
CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…

casdoor | Remote | Authentication
May 28, 2026 | Jun 02, 2026
9.8 CRITICAL
CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa…

casdoor | Remote | Authentication
May 28, 2026 | Jun 02, 2026
7.5 HIGH
CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War…

casdoor | Remote | Authentication
May 28, 2026 | Jun 02, 2026
8.1 HIGH
CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immedia…

casdoor | Remote | Authentication
May 28, 2026 | May 28, 2026
9.8 CRITICAL
CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does …

casdoor | Remote | Authorization
May 28, 2026 | Jun 02, 2026
9.8 CRITICAL
CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never…

casdoor | Remote | Misconfiguration
May 28, 2026 | Jun 02, 2026
9.1 CRITICAL
CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without…

casdoor | Remote | Authentication
May 28, 2026 | Jun 01, 2026
5.3 MEDIUM
CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that allows users to bypass configured MFA requirements. The binding-rule code path in controllers/auth.go c…

casdoor | Remote | Authentication
May 28, 2026 | May 29, 2026
9.1 CRITICAL
CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extra…

casdoor | Remote | Authentication
May 28, 2026 | May 29, 2026
8.8 HIGH
CVE-2026-8697 — Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web …

archer_c64_firmware archer_c64 | Authentication
May 28, 2026 | Jun 03, 2026
Showing 20 of 7213 Results