Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-46281 — vmalloc: fix buffer overflow in vrealloc_node_align()

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc")…

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-46280 — lib: test_hmm: evict device pages on file close to avoid use-after-free

In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmm_test fixes and cleanups". Two bu…

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-46279 — mm/alloc_tag: clear codetag for pages allocated before page_ext initialization

In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization Due to initialization ordering, page_ext is alloca…

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-46278 — drm/imagination: Fix segfault when updating ftrace mask

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. [ 171.…

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-46277 — mm/zone_device: do not touch device folio after calling ->folio_free()

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change afte…

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-46276 — drm/amdgpu: fix zero-size GDS range init on RDNA4

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. …

| Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.5 MEDIUM
CVE-2026-45581 — fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chainco…

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode …

| Information Disclosure
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.3 MEDIUM
CVE-2026-43966 — HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields…

cowlib | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.4 CRITICAL
CVE-2026-41448 — AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen…

Remote | Path Traversal
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.8 CRITICAL
CVE-2026-39910 — STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary…

Remote | Authorization
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.1 HIGH
CVE-2026-39908 — OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour…

Remote | Information Disclosure
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.8 HIGH
CVE-2026-25856 — OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin…

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.8 HIGH
CVE-2026-25855 — OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File…

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.8 HIGH
CVE-2026-25559 — OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by …

Remote | Path Traversal
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.8 CRITICAL
CVE-2026-25555 — OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e…

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11611 — 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denia…

enterprise_linux directory_server enterprise_linux directory_server | Remote | Denial of Service
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
4.0 MEDIUM
CVE-2026-11534 — imvks786 student_management_system add.php cross site scripting

A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.5 MEDIUM
CVE-2026-11533 — imvks786 student_management_system Student Deletion Endpoint see.php improper authorizati…

A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file…

Remote | Authorization
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11532 — imvks786 student_management_system Student Record add.php access control

A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Reco…

Remote | Authorization
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11531 — imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injec…

A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the com…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
Showing 20 of 6839 Results