Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.6 HIGH
CVE-2026-21333 — Illustrator | Untrusted Search Path (CWE-426)

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitat…

| Misconfiguration
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.6 MEDIUM
CVE-2025-22850 — Intel UEFI PdaSmm Time-of-Check Time-of-Use Information Disclosure

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined…

| Race Condition
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.6 MEDIUM
CVE-2025-22444 — Intel UEFI PdaSmm Information Disclosure

Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined wit…

| Information Disclosure
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.7 HIGH
CVE-2025-20105 — Intel Reference Platforms UEFI Firmware SMM Module Privilege Escalation Vulnerability

Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a …

| Authentication
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.9 MEDIUM
CVE-2025-20096 — "Intel UEFI Firmware Privilege Escalation Vulnerability"

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexit…

| Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
1.8 LOW
CVE-2025-20073 — Intel UEFI DXE Buffer Overflow Information Disclosure

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined wi…

| Information Disclosure
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.1 HIGH
CVE-2025-20068 — Intel UEFI ImcErrorHandler Privilege Escalation Vulnerability

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with…

| Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.7 HIGH
CVE-2025-20064 — Intel UEFI FlashUcAcmSmm Privilege Escalation Vulnerability

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a…

| Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.1 HIGH
CVE-2025-20028 — Intel WheaERST SMM Module Privilege Escalation Vulnerability

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combin…

| Race Condition
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.1 HIGH
CVE-2025-20027 — Intel UEFI WheaERST Elevation of Privilege Vulnerability

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high…

| Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.6 MEDIUM
CVE-2025-20005 — Intel UEFI Firmware Buffer Overflow Privilege Escalation Vulnerability

Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high co…

| Memory Corruption
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
6.9 MEDIUM
CVE-2026-31838 — Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preven…

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when…

Remote | Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.7 HIGH
CVE-2026-31837 — Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fa…

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, e…

Remote | Misconfiguration
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.2 HIGH
CVE-2026-31834 — Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users w…

Remote | Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
6.7 MEDIUM
CVE-2026-31833 — Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filte…

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overl…

Remote | Cross-Site Scripting
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.4 MEDIUM
CVE-2026-31832 — Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign dom…

Remote | Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.5 HIGH
CVE-2026-31830 — sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject d…

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure retur…

Remote | Authentication
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.8 HIGH
CVE-2026-31829 — Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal N…

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP request…

flowise | Remote | Server-Side Request Forgery
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.8 HIGH
CVE-2026-31828 — Parse Server has an LDAP injection via unsanitized user input in DN and group filter cons…

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injec…

parse-server | Remote | Injection
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.1 HIGH
CVE-2026-31827 — Alienbin: TTL Index Race Condition allows unauthorized deletion of other users data

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new…

Remote | Misconfiguration
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
Showing 20 of 5396 Results