Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-33067 — SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata

SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields (displayName, description) using template literals without HTML escaping. A malicious package…

siyuan | Remote | Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.3 MEDIUM
CVE-2026-33066 — SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markd…

siyuan | Remote | Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
7.5 HIGH
CVE-2026-32701 — Qwik has array method pollution in FormData processing, allowing type confusion and DoS

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and objec…

qwik | Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
4.4 MEDIUM
CVE-2026-2432 — CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting v…

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 …

Remote | Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-2421 — ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Trav…

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJ…

Remote | Path Traversal
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.1 HIGH
CVE-2026-27625 — Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Ext…

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entrie…

stirling_pdf | Remote | Path Traversal
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23278 — netfilter: nf_tables: always walk all pending catchall elements

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchal…

linux_kernel | Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23277 — net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb,…

linux_kernel | Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23276 — net: add xmit recursion limit to tunnel xmit functions

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recur…

linux_kernel | Denial of Service
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23275 — io_uring: ensure ctx->rings is stable for task work flags manipulation

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is …

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23274 — netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and al…

linux_kernel | Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23273 — macvlan: observe an RCU grace period in macvlan_common_newlink() error path

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens af…

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23272 — netfilter: nf_tables: unconditionally bump set->nelems before insertion

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets publishe…

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23271 — perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabl…

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-33191 — free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacke…

free5gc | Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-33065 — free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscript…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into …

free5gc | Remote | Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-33064 — free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sd…

free5gc | Remote | Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.8 MEDIUM
CVE-2026-33061 — exactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objec…

| Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.3 MEDIUM
CVE-2026-33060 — CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requ…

Remote | Server-Side Request Forgery
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
9.8 CRITICAL
CVE-2026-33057 — Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests u…

Remote | Authentication
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
Showing 20 of 5727 Results