Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-27895 — LAM has incorrect regular expression in PDF export component that allows user to upload f…

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly val…

ldap_account_manager | Remote | Misconfiguration
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
8.8 HIGH
CVE-2026-27894 — LAM has Authenticated Local File Inclusion (LFI) in PDF export

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF …

ldap_account_manager | Remote | Path Traversal
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
8.8 HIGH
CVE-2026-27811 — Roxy-WI has a Command Injection via diff parameter in config comparison allows authentica…

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare/<service>/<server_ip>…

roxy-wi | Remote | Injection
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
7.2 HIGH
CVE-2026-27459 — pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value…

pyopenssl | Remote | Memory Corruption
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
1.7 LOW
CVE-2026-27448 — pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_ser…

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled e…

pyopenssl | Remote | Authentication
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
5.7 MEDIUM
CVE-2026-26004 — Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupE…

sentry | Remote | Authorization
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
7.1 HIGH
CVE-2026-26001 — GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from re…

glpi_inventory | Remote | Injection
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
6.5 MEDIUM
CVE-2026-25937 — GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal thei…

glpi | Remote | Authentication
Mar 18, 2026 Mar 18, 2026
Mar 18, 2026
Mar 18, 2026
5.3 MEDIUM
CVE-2026-3856 — IBM Db2 Recovery Expert Missing Integrity Check

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmi…

db2_recovery_expert | Remote | Misconfiguration
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
7.5 HIGH
CVE-2026-22727 — Cloud Foundry unprotected internal endpoints

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially repla…

| Authorization
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
9.8 CRITICAL
CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0…

edge_cloud_infrastructure_designer_and_visualisation_toolkit | Remote
Mar 17, 2026 Mar 18, 2026
Mar 17, 2026
Mar 18, 2026
0.0 NA
CVE-2026-20643 — Apple Navigation API Cross-Origin Policy Bypass

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS…

macos iphone_os ipados | Misconfiguration
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
7.1 HIGH
CVE-2026-1264 — IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view…

sterling_b2b_integrator | Remote | Authorization
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
7.5 HIGH
CVE-2025-14031 — IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to s…

sterling_b2b_integrator | Remote | Denial of Service
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
6.3 MEDIUM
CVE-2026-4349 — Duende IdentityServer Token Renewal Endpoint authorize improper authentication

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the…

Remote | Authentication
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
6.5 MEDIUM
CVE-2026-32842 — Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup fi…

Remote | Information Disclosure
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
8.1 HIGH
CVE-2026-32841 — Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the …

Remote | Authentication
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
5.4 MEDIUM
CVE-2026-32840 — Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by mani…

Remote | Cross-Site Scripting
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
4.3 MEDIUM
CVE-2026-32839 — Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-i…

Remote | Cross-Site Request Forgery
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
7.5 HIGH
CVE-2026-32838 — Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept managem…

Remote | Misconfiguration
Mar 17, 2026 Mar 17, 2026
Mar 17, 2026
Mar 17, 2026
Showing 20 of 5427 Results