Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2026-28735 — GitHub OAuth Scope Validation

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to g…

mattermost_server legal_hold | Remote | Authorization
May 22, 2026
8.7 HIGH
CVE-2026-28445 — Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Pre…

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML direct…

typebot | Remote | Cross-Site Scripting
May 22, 2026
6.5 MEDIUM
CVE-2026-28444 — Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify…

typebot | Remote | Authorization
May 22, 2026
Showing 20 of 7403 Results