Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-43988 — Vanetza: Remote Denial of Service via Uncaught Exception in ASN.1/OER Parsing

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pr…

Remote | Denial of Service
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.3 MEDIUM
CVE-2026-42015 — Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when app…

Remote | Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.2 HIGH
CVE-2026-42013 — Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…

Remote | Information Disclosure
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.1 HIGH
CVE-2026-42012 — Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…

Remote | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-46307 — "Apple macOS Tahoe Data Access Vulnerability"

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-46284 — Apple macOS Root Privilege Escalation

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.

| Race Condition
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-46280 — Apple macOS Tahoe Memory Corruption

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-43451 — Apple macOS Tahoe Local File Inclusion

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-43306 — Apple macOS Root Privilege Escalation Vulnerability

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-43290 — Apple macOS File System Permissions Vulnerability

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file …

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2025-43289 — Apple macOS Malicious App Data Access Vulnerability

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
9.8 CRITICAL
CVE-2026-9642 — Delta Electronics DIAView Patch Bypass

There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project.

Remote | Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
4.3 MEDIUM
CVE-2026-9583 — SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php in…

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. E…

Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.0 MEDIUM
CVE-2026-9582 — SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site reque…

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site …

Remote | Cross-Site Request Forgery
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9581 — JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can …

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9580 — JeecgBoot selectDepart LoginController.selectDepart access control

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access cont…

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9579 — JeecgBoot SysUser userEdit user.getUsername access control

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u…

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.8 HIGH
CVE-2026-8676 — "Bluetooth LE Bond Spoofing Vulnerability in Vendor's Product"

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

| Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.9 MEDIUM
CVE-2026-48593 — Unbounded range expansion in cron describe causes memory exhaustion in oban_web

Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion. An attacker with access to sched…

Remote | Denial of Service
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.3 MEDIUM
CVE-2026-48592 — Missing authorization check on save-job event handler in oban_web

Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban.Web.Jobs.DetailComponent' modules) allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'El…

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
Showing 20 of 6062 Results