Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-3291 — Samsung Print Service Plugin – Potential Information Disclosure

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …

samsung_print_service_plugin | Information Disclosure
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
5.3 MEDIUM
CVE-2026-40332 — Masa CMS open redirect via improper handling of scheme-relative URLs

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal pa…

masacms | Remote | Misconfiguration
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
10.0 CRITICAL
CVE-2026-40281 — Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…

gotenberg | Remote | Injection
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.1 HIGH
CVE-2026-40251 — Incus out-of-bounds panic in snapshot metadata handling allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …

incus | Remote | Denial of Service
May 06, 2026 May 07, 2026
May 06, 2026
May 07, 2026
4.8 MEDIUM
CVE-2026-40243 — Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database…

incus | Remote | Cryptography
May 06, 2026 May 08, 2026
May 06, 2026
May 08, 2026
7.1 HIGH
CVE-2026-40197 — Incus nil-pointer dereference in custom volume import allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …

incus | Remote | Denial of Service
May 06, 2026 May 07, 2026
May 06, 2026
May 07, 2026
7.1 HIGH
CVE-2026-40195 — Incus nil-pointer dereference in storage bucket import allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage …

incus | Remote | Denial of Service
May 06, 2026 May 07, 2026
May 06, 2026
May 07, 2026
Showing 20 of 7247 Results