Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-44679 — Tuist: Forgot password flow lacks throttling for reset email delivery

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account wit…

| Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-44673 — libyang: lyb_read_string() integer overflow → heap buffer overflow

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou…

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-44666 — HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its …

| Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-44662 — rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr…

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-42327 — rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UT…

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open…

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.3 CRITICAL
CVE-2026-8634 — Crabbox < v0.12.0 Environment Variable Information Disclosure

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens…

Remote | Information Disclosure
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.6 HIGH
CVE-2026-8629 — Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.2 HIGH
CVE-2026-8597 — Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code executio…

Remote | Supply Chain
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.5 HIGH
CVE-2026-8596 — Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve p…

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract …

Remote | Cryptography
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8587 — Google Chrome Extensions Use After Free Vulnerability

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E…

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8586 — Google Chrome Chromoting File Path Traversal Vulnerability

Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …

| Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8585 — Google Chrome iOS Media Out-of-Bounds Memory Read Vulnerability

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8584 — Google Chrome iOS UI Spoofing Vulnerability

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…

| Misconfiguration
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8583 — Google Chrome WebXR Information Disclosure

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…

| Information Disclosure
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8582 — Google Chrome Dawn Information Leak

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…

| Information Disclosure
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8581 — Google Chrome GPU Use-After-Free Vulnerability

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8580 — Google Chrome Mojo Use-After-Free Vulnerability

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8579 — Google Chrome Skia Out-of-Bounds Memory Write

Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write…

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8578 — Google Chrome Linux GPU Out-of-Bounds Read Vulnerability

Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro…

| Information Disclosure
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
0.0 NA
CVE-2026-8577 — Google Chrome Fonts Integer Overflow Vulnerability

Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

| Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
Showing 20 of 6367 Results