Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
2.4 LOW
CVE-2026-30873 — OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input exp…

openwrt | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
9.5 CRITICAL
CVE-2026-30872 — OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS look…

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_add…

openwrt | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
9.5 CRITICAL
CVE-2026-30871 — OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question…

openwrt | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.2 HIGH
CVE-2026-29072 — Discourse missing permission check for policy creation in discourse-policy

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional polic…

discourse | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
2.3 LOW
CVE-2026-28282 — Discourse vulnerable to group membership addition permission bypass via discourse-policy …

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creat…

discourse | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-27936 — Discourse discloses restricted post-action counts to non-privileged users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileg…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-27935 — Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin use…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-27934 — Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosur…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
9.1 CRITICAL
CVE-2026-4428 — CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificat…

Remote | Authentication
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.3 LOW
CVE-2026-4395 — Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buff…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-3849 — Buffer Overflow in HPKE via Oversized ECH Config

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could ca…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.3 HIGH
CVE-2026-3549 — ECH parsing heap buffer overflow

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer.…

Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.5 HIGH
CVE-2026-3547 — wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.2 LOW
CVE-2026-3230 — Improper key_share validation in TLS 1.3 HelloRetryRequest

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted …

wolfssl | Remote | Cryptography
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.2 LOW
CVE-2026-3229 — Integer Overflow in Certificate Chain Allocation

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certifica…

| Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-33346 — OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal paym…

openemr | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.6 HIGH
CVE-2026-33321 — OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patie…

openemr | Remote | Server-Side Request Forgery
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.4 MEDIUM
CVE-2026-33305 — OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) a…

openemr | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-33304 — OpenEMR has Authorization Bypass in Dated Reminders Log

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated …

openemr | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.4 MEDIUM
CVE-2026-33303 — OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print …

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `p…

openemr | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
Showing 20 of 5665 Results