Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.6 HIGH
CVE-2026-29109 — SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Fi…

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the Sav…

suitecrm | Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-29108 — Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed i…

suitecrm | Remote | Information Disclosure
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.9 MEDIUM
CVE-2026-22737 — Spring Framework Improper Path Limitation with Script View Templates

Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations …

spring_framework | Remote | Information Disclosure
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
2.6 LOW
CVE-2026-22735 — Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16,…

Remote | Denial of Service
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.2 HIGH
CVE-2026-22733 — Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the C…

spring_security | Remote | Authentication
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
2.2 LOW
CVE-2026-33408 — Discourse has Improper Authorization in "Post Edits" Report For Moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private cate…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
4.4 MEDIUM
CVE-2026-33395 — Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability …

discourse | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-32818 — Admidio is Missing Authorization on Forum Topic and Post Deletion

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or post…

admidio | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.7 MEDIUM
CVE-2026-32816 — Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groups_roles.php perform destructive state chan…

admidio | Remote | Cross-Site Request Forgery
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.7 MEDIUM
CVE-2026-32755 — Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start a…

admidio | Remote | Cross-Site Request Forgery
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.6 HIGH
CVE-2026-32721 — LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendere…

openwrt luci | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.8 LOW
CVE-2026-30874 — OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Lea…

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable fi…

openwrt | Path Traversal
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.0 MEDIUM
CVE-2026-29107 — SuiteCRM vulnerable to authenticated SSRF via PDF export

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with `<img>` tags.…

suitecrm | Remote | Server-Side Request Forgery
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.9 MEDIUM
CVE-2026-29106 — SuiteCRM has blind XSS in return_id parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied in…

suitecrm | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.4 MEDIUM
CVE-2026-29105 — SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulner…

suitecrm | Remote | Misconfiguration
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
2.7 LOW
CVE-2026-29104 — SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult…

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload …

suitecrm | Remote | Authentication
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
9.1 CRITICAL
CVE-2026-29103 — SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, all…

suitecrm | Remote | Injection
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.2 HIGH
CVE-2026-29102 — SuiteCRM has Authenticated RCE in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerabilit…

suitecrm | Remote | Authentication
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
4.9 MEDIUM
CVE-2026-29101 — SuiteCRM Vulnerable to Directory Traversal to DoS in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCR…

suitecrm | Remote | Denial of Service
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.1 HIGH
CVE-2026-29100 — SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allo…

suitecrm | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
Showing 20 of 5665 Results