Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2026-41163 — bubblewrap vulnerable to privilege escalation in setuid mode via ptrace

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap an…

bubblewrap | Remote | Misconfiguration
May 09, 2026 May 13, 2026
7.0 HIGH
CVE-2026-8207 — Gibbon SQL Injection Vulnerability

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2…

gibbon | Remote | Injection
May 09, 2026 May 12, 2026
5.3 MEDIUM
CVE-2026-7652 — LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due…

Remote | Authentication
May 09, 2026 May 11, 2026
4.3 MEDIUM
CVE-2026-6667 — PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…

pgbouncer | Authorization
May 09, 2026 May 14, 2026
7.5 HIGH
CVE-2026-6666 — PgBouncer crash in kill_pool_logins_server_error

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

pgbouncer | Remote | Denial of Service
May 09, 2026 May 14, 2026
9.8 CRITICAL
CVE-2026-6665 — PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se…

pgbouncer | Remote | Memory Corruption
May 09, 2026 May 14, 2026
7.5 HIGH
CVE-2026-6664 — PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…

pgbouncer | Denial of Service
May 09, 2026 May 14, 2026
8.6 HIGH
CVE-2026-41705 — Spring AI MilvusVectorStore Filter Expression Injection

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…

spring_ai | Remote | Injection
May 09, 2026 May 12, 2026
9.1 CRITICAL
CVE-2026-44313 — LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders …

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f…

Remote | Server-Side Request Forgery
May 09, 2026 May 12, 2026
8.8 HIGH
CVE-2026-42455 — LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same …

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[li…

Remote | Cross-Site Scripting
May 09, 2026 May 12, 2026
Showing 20 of 6690 Results