Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-42526 — Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS…

In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_…

apache-airflow-providers-amazon | Remote | Authorization
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
8.8 HIGH
CVE-2026-32740 — libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write …

libheif | Remote | Memory Corruption
May 19, 2026 May 21, 2026
May 19, 2026
May 21, 2026
6.5 MEDIUM
CVE-2026-32739 — libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1…

libheif | Remote | Denial of Service
May 19, 2026 May 20, 2026
May 19, 2026
May 20, 2026
8.7 HIGH
CVE-2026-27173 — Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command…

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actio…

airflow_cncf_kubernetes | Information Disclosure
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
Showing 20 of 7584 Results