Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.3 MEDIUM
CVE-2026-43617 — Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host…

rsync | Remote | Authorization
May 20, 2026 May 21, 2026
May 20, 2026
May 21, 2026
7.5 HIGH
CVE-2026-3985 — Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated…

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. T…

creative_mail | Remote | Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.8 MEDIUM
CVE-2026-45585 — Windows BitLocker Security Feature Bypass Vulnerability

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as &quot;YellowKey&quot;. The proof of concept for this vulnerability has been made public violating coor…

windows_11 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_26h1
May 20, 2026 May 22, 2026
May 20, 2026
May 22, 2026
5.5 MEDIUM
CVE-2026-39309 — Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to …

trilium trilium | Misconfiguration
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.8 MEDIUM
CVE-2026-35593 — Trilium Notes has Local File Inclusion via upload modified file API endpoint

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al…

trilium | Remote | Path Traversal
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-34970 — MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. Th…

mantisbt | Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
4.3 MEDIUM
CVE-2026-34754 — MantisBT allows unauthorized users to upload attachments to restricted issues via REST API

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This is…

mantisbt | Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.8 CRITICAL
CVE-2026-8495 — Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

date_ical | Remote | Authorization
May 19, 2026 May 27, 2026
May 19, 2026
May 27, 2026
5.4 MEDIUM
CVE-2026-8493 — Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: fr…

colorbox_inline | Remote | Cross-Site Scripting
May 19, 2026 May 27, 2026
May 19, 2026
May 27, 2026
2.7 LOW
CVE-2026-8492 — Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - S…

Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.…

gtranslate | Remote | Misconfiguration
May 19, 2026 May 27, 2026
May 19, 2026
May 27, 2026
3.7 LOW
CVE-2026-8491 — Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2…

node_view_permissions | Remote | Authorization
May 19, 2026 May 27, 2026
May 19, 2026
May 27, 2026
6.1 MEDIUM
CVE-2026-6871 — Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Obfuscate allows Cross-Site Scripting (XSS). This issue affects Obfuscate: from 0.0.0 bef…

obfuscate | Remote | Cross-Site Scripting
May 19, 2026 May 21, 2026
May 19, 2026
May 21, 2026
6.1 MEDIUM
CVE-2026-6367 — Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.…

drupal | Remote | Cross-Site Scripting
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
6.6 MEDIUM
CVE-2026-6366 — Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, …

drupal | Remote | Injection
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
6.1 MEDIUM
CVE-2026-6365 — Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0…

drupal | Remote | Cross-Site Scripting
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
6.1 MEDIUM
CVE-2026-6095 — Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before …

orejime | Remote | Cross-Site Scripting
May 19, 2026 May 21, 2026
May 19, 2026
May 21, 2026
5.3 MEDIUM
CVE-2026-34744 — MantisBT authorization bypass allows continued access to self-uploaded attachments on pri…

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it b…

mantisbt | Remote | Authorization
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
5.7 MEDIUM
CVE-2026-34600 — Joplin Server delta API returns note content after share access is revoked

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients …

joplin | Remote | Authorization
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-34579 — MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST req…

mantisbt | Remote | Authorization
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
6.1 MEDIUM
CVE-2026-5090 — Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be i…

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could…

Remote | Cross-Site Scripting
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
Showing 20 of 6725 Results