Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-9468 — dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde…

cline-mcp-memory-bank | Remote | Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
4.3 MEDIUM
CVE-2026-9467 — debugmcp mcp-debugger server.ts handleGetSourceContext path traversal

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack i…

mcp-debugger | Remote | Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.5 MEDIUM
CVE-2026-9466 — Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password reco…

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoin…

easy7_integrated_management_platform | Remote | Authentication
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
4.9 MEDIUM
CVE-2026-42797 — Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a…

syncope | Remote | Information Disclosure
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
7.2 HIGH
CVE-2026-42782 — Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…

syncope | Remote | Misconfiguration
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
7.5 HIGH
CVE-2026-9465 — Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation …

easy7_integrated_management_platform | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.8 MEDIUM
CVE-2026-9464 — YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request fo…

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such man…

yudao-cloud | Remote | Server-Side Request Forgery
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9463 — Edimax EW-7438RPn formLicence stack-based overflow

A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based bu…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9462 — Edimax EW-7438RPn formWpsProxyEnable stack-based overflow

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument subm…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.4 MEDIUM
CVE-2026-9078 — Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio…

firefox | Remote | Information Disclosure
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
8.2 HIGH
CVE-2026-47077 — Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
6.9 MEDIUM
CVE-2026-47076 — SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{}…

hackney | Server-Side Request Forgery
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
7.5 HIGH
CVE-2026-47075 — CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL …

hackney | Remote | Injection
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
8.7 HIGH
CVE-2026-47073 — Unbounded memory consumption in WebSocket client in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackney_ws.erl imposes no upper bound on memory consumption in three…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
7.5 HIGH
CVE-2026-47072 — CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,…

hackney | Remote | Injection
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
8.2 HIGH
CVE-2026-47071 — SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiat…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
6.1 MEDIUM
CVE-2026-47070 — HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect t…

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to th…

hackney | Remote | Information Disclosure
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
5.3 MEDIUM
CVE-2026-47069 — CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validat…

hackney | Remote | Injection
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
8.7 HIGH
CVE-2026-47067 — Atom table exhaustion via unrecognized URL schemes in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
8.7 HIGH
CVE-2026-47066 — Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee fo…

hackney | Remote | Denial of Service
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
Showing 20 of 6741 Results