Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.4 HIGH
CVE-2026-2450 — upKeeper Instant Privilege Access Impersonation Privilege Escalation

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant…

Remote | Misconfiguration
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
9.1 CRITICAL
CVE-2025-8095 — Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform.  It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applicatio…

Remote | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
8.2 HIGH
CVE-2025-7389 — Unauthorized Arbitrary File Read via RMI in AdminServer Interface

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer proce…

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
9.0 CRITICAL
CVE-2026-2449 — upKeeper Instant Privilege Access Command Injection Vulnerability

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execut…

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
7.4 HIGH
CVE-2026-2332 — HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funk…

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2026-24069 — Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-pr…

| Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
5.3 MEDIUM
CVE-2025-13822 — Authentication bypass in MCPHub

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the n…

| Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.3 MEDIUM
CVE-2026-4109 — Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Mis…

The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get_item_p…

eventin | Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2026-33929 — Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.…

| Path Traversal
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
7.1 HIGH
CVE-2026-33892 — Industrial Edge Management Pro/Virtual Unauthenticated Remote Authentication Bypass

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Mana…

Remote | Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2026-31924 — Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users …

apisix | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2026-31923 — Apache APISIX: Openid-connect `tls_verify` field is disabled by default

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue af…

apisix | Misconfiguration
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2026-31908 — Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2…

apisix | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
8.8 HIGH
CVE-2026-27668 — RUGGEDCOM CROSSBOW SAM-P Privilege Escalation Vulnerability

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could …

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
8.8 HIGH
CVE-2026-25654 — SINEC NMS Authentication Bypass Vulnerability

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an …

sinec_nms | Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
7.3 HIGH
CVE-2026-24032 — SINEC NMS Authentication Bypass Vulnerability

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in th…

sinec_nms | Remote | Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.3 MEDIUM
CVE-2025-40745 — Siemens Certificates Validation Weakness

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (A…

software_center simcenter_femap tecnomatix_plant_simulation star-ccm\+ solid_edge_se2025 | Remote | Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.5 MEDIUM
CVE-2026-2582 — Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the …

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
7.2 HIGH
CVE-2026-3017 — Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - …

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserializ…

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.4 MEDIUM
CVE-2026-4479 — WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Adminis…

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to ins…

Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
Showing 20 of 6307 Results